Black Hat Las Vegas: SSL/TLS HEIST attack can grab personal info
A new technique has been unveiled that can attack SSL/TLS and other secure channels purely in the browser to expose encrypted email addresses, Social Security numbers and other sensitive data.
In particular, they showed how a side-channel attack could affect the way responses are sent at the TCP level, which could then grab a plaintext message. "Compression-based attacks [such as CRIME and BREACH] can now be performed purely in the browser, by any malicious website or script, without requiring network access," the researchers said.
Whereas before an attacker would approach from a man-in-the-middle position, the new strategy allows bad actors to capture victims by using a website owned by a malicious party.
The consequence, they explained, is that their attack can allow the theft of sensitive information from targets by penetrating services on websites.