TeLeScope: Ερευνητές της Bitdefender ανακάλυψαν ότι οι κρυπτογραφημένες επικοινωνίες μπορούν να αποκρυπτογραφηθούν σε πραγματικό χρόνο, χρησιμοποιώντας μια τεχνική που έχει σχεδόν μηδενικό αποτύπωμα και είναι αόρατη σε οποιονδήποτε, εκτός από εξαιρετικά προσεκτικούς ελεγκτές ασφαλείας.
The technique, called telescope or TeLeScope, has been developed for research purposes and demonstrates that a third party can listen to communications encrypted with the Transport Layer Security (TLS) protocol.
The attack makes it possible for a malicious Cloud provider, or for any three-letter government service, to recover the TLS keys used to encrypt each communication session between virtual servers and cliets or end users.
"There is no information on which communications have been compromised and for how long, because this approach leaves no trace," said Bogdan Botezatu, Senior Threat Analyst at Bitdefender.
"Banks and companies dealing with either intellectual property or collection and storage of personal information, as well as government bodies, are the areas that could be greatly affected by this flaw.”
The TeLeScope technique is only effective in virtual environments running on a hypervisor. Such infrastructures are becoming more and more popular, and are provided by major companies in the industry, such as Amazon, Google, Microsoft and DigitalOcean.
The technique instead of exploiting a flaw in the Security Transfer Layer layer is based on the extraction of TLS keys on the hypervisor level by clever memory probing.
Bogdan Botezatu continues:
“We discovered this attack while looking for a way around it monitoring εξερχόμενης κακόβουλης δραστηριότητας στο honeypot δίκτυό μας χωρίς να παρέμβουμε στη λειτουργία του machinewithout stopping the attackers, trying not to realize that they were being watched. After discovering the flaw, we decided to disclose it publicly and in detail, as the social, economic and political stakes of passively monitoring traffic in virtual environments are too great.”
