TeLeScope: Bitdefender researchers discovered that encrypted communications can be decrypted in real-time using a technique which has almost zero footprint and is invisible to anyone except extremely careful security screeners.
The technique, called telescope or TeLeScope, has been developed for research purposes and demonstrates that a third party can listen to communications encrypted with the Transport Layer Security (TLS) protocol.
Η επίθεση καθιστά δυνατή για έναν κακόβουλο πάροχο Cloud, ή για οποιαδήποτε κυβερνητική υπηρεσία με τρία γράμματα, να ανακτήσει τα wrenches TLS used to encrypt each communication session between virtual servers and cliets, or end users.
"There is no information on which communications have been compromised and for how long, because this approach leaves no trace," said Bogdan Botezatu, Senior Threat Analyst at Bitdefender.
"Banks and the Companies dealing with either intellectual property or the collection and storage of personal information, as well as government bodies, are the sectors that could be greatly affected by this flaw.”
The TeLeScope technique is only effective in virtual environments running on a hypervisor. Such infrastructures are becoming more and more popular, and are provided by major companies in the industry, such as Amazon, Google, Microsoft and DigitalOcean.
The technique instead exploits a flaw in the protocol layer transports Security, is based on the extraction of TLS keys at the hypervisor level by clever memory probing.
Bogdan Botezatu continues:
"We discovered this attack while looking for a way to monitor outgoing malicious activity on our honeypot network without interfering with the operation of the machine and without stopping the attackers, trying not to understand that they were being watched. "Once the defect was discovered, we decided to disclose it publicly and in detail, as the social, economic and political stakes of passive traffic monitoring in virtual environments are too great."
