TeLeScope: Bitdefender researchers have discovered that encrypted communications can be decrypted in real time using a virtually zero fingerprint technique and invisible to anyone except extremely careful security controllers.
The technique, called the telescope or TeLeScope, has been developed for research purposes and proves that a third party can eavesdrop on communications encrypted with the protocol Transport Layer Security (TLS).
The attack makes it possible for a malicious Cloud provider, or any cybernetic service με τρία γράμματα, να ανακτήσει τα wrenches TLS used to encrypt each communication session between virtual servers and cliets, or end users.
"There is no information on which communications have been compromised and for how long, because this approach leaves no trace," said Bogdan Botezatu, Senior Threat Analyst at Bitdefender.
"Banks and companies that deal with either intellectual property or the collection and storage of personal information, as well as government agencies, are the areas that could be greatly affected by this flaw."
The TeLeScope technique is only effective in virtual environments running on one Hypervisor. Such infrastructures are increasingly popular, and are provided by major companies in the sector, such as Amazon, Google, Microsoft and DigitalOcean.
The technique instead of exploiting a flaw in the Security Transfer Layer layer is based on the extraction of TLS keys on the hypervisor level by clever memory probing.
Bogdan Botezatu continues:
"We discovered this attack while looking for a way to monitor outgoing malicious activity on our honeypot network without interfering with the operation of the machine and without stopping the attackers, trying not to understand that they were being watched. "Once the defect was discovered, we decided to disclose it publicly and in detail, as the social, economic and political stakes of passive traffic monitoring in virtual environments are too great."
