Security researcher to demonstrate free automated tool that attacks popular sites

October 12, 2008

A free, open source automated tool that can attack users accessing Facebook, Gmail, LinkedIn and LiveJournal will be demonstrated by a security researcher on Tuesday, October 14.

The tool, named The Middler, can carry out automated man-in-the-middle attacks on users who access services over public networks in coffee shops, hotels and aeroplanes, intercepting communications so that the attacker’s own data passes between the user’s device and the website. According to researcher Jay Beale, computers and iPhones could be easily compromised via their software-update mechanisms. Beale said that if a user shared a LAN with him, he would be able to view and modify all of that user’s traffic.

Jay Beale will demonstrate The Middler at the SecTor conference being held in Toronto this month.

According to Beale, the tool takes exploitation to a dangerous new level of simplicity: launching attacks requires no web-application hacking experience.

According to Beale’s company, InGuardians, the demonstration is aimed at highlighting a weakness inherent in popular online applications, particularly their clear-text HTTP transmissions.

Beale noted that many companies did not realise that encrypting only the application’s password form leaves users exposed to man-in-the-middle attacks. The tool is capable of hijacking sessions on services such as Gmail without user interaction. After hijacking a session, the attacker could read the user’s email and address book, send emails and prevent the user from logging out.
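As an added example (not part of the original article, and not code from The Middler or InGuardians), this Python check audits a recorded login flow for the weakness described above: a login protected by HTTPS whose cookies or redirects then leave the encrypted channel. The hostname, cookie names and recorded headers are constructed for illustration.

```python
from urllib.parse import urlsplit, urljoin

# Constructed sample: a login POST over HTTPS that then hands the session
# to a cleartext page. Host and cookie names are hypothetical.
SAMPLE_FLOW = [
    ("https://mail.example.test/login", [
        ("Set-Cookie", "SID=constructed-session-id; Path=/; HttpOnly"),
        ("Set-Cookie", "CSRF=constructed-token; Path=/; Secure"),
        ("Location", "http://mail.example.test/inbox"),
    ]),
    ("http://mail.example.test/inbox", [
        ("Set-Cookie", "PREFS=lang-en; Path=/"),
    ]),
]

def cookie_attrs(set_cookie_value):
    """Return (cookie name, set of lower-cased attribute names)."""
    first, *rest = set_cookie_value.split(";")
    name = first.split("=", 1)[0].strip()
    attrs = {part.split("=", 1)[0].strip().lower() for part in rest if part.strip()}
    return name, attrs

def audit_flow(flow):
    """Flag responses that let a session leave the encrypted channel."""
    findings = []
    for url, headers in flow:
        scheme = urlsplit(url).scheme
        for header, value in headers:
            h = header.lower()
            if h == "set-cookie":
                name, attrs = cookie_attrs(value)
                if scheme == "http":
                    findings.append((url, name, "cookie set over cleartext HTTP"))
                elif "secure" not in attrs:
                    findings.append((url, name, "cookie lacks Secure; sent on http:// requests too"))
            elif h == "location" and scheme == "https":
                # Resolve relative redirects against the request URL first.
                target = urljoin(url, value)
                if urlsplit(target).scheme == "http":
                    findings.append((url, target, "HTTPS response redirects to cleartext HTTP"))
    return findings

if __name__ == "__main__":
    for where, item, problem in audit_flow(SAMPLE_FLOW):
        print(f"{where}: {item}: {problem}")
```

Any finding means a cookie issued at login can later cross the network unencrypted, where anyone sharing the LAN can read it.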

Beale is also due to demonstrate the installation of a Trojan horse on an iPhone and the hijacking of a bank session, to make people aware of the vulnerabilities.
