Website Auto-complete Leaks Data Even Over Encrypted Link

Use Netsparker


I’m always fascinated by side-channel attacks where the attack is focused on the underlying architecture of the cryptosystem and the data echos it creates rather than the algorithm or implementation itself. Similar somewhat to the recent breaking of OpenSSL using power fluctuations.

This time some researcher type fellas focused on the digital noise autocomplete webforms make over an encrypted connection and how it can expose some pretty sensitive data such as medical histories, income, search queries and more.

Google, Yahoo, Microsoft’s Bing, and other leading websites are leaking medical histories, family income, search queries, and massive amounts of other sensitive data that can be intercepted even when encrypted, computer scientists revealed in a new research paper.

Researchers from Indiana University and Microsoft itself were able to infer the sensitive data by analyzing the distinct size and other attributes of each exchange between a user and the website she was interacting with. Using man-in-the-middle attacks, they could glean the information even when transactions were encrypted using the Secure Sockets Layer, or SSL, protocol or the WPA, or Wi-fi Protected Access protocol.

“Our research shows that surprisingly detailed sensitive user data can be reliably inferred from the web traffic of a number of high-profile, top-of-the-line web applications” offered by Google, Yahoo, and Bing as well as the leading online providers of tax, health and investments services, which the researchers didn’t name.

There’s a lot of inference going on but from what I understand of the attack it would only get more accurate as they collected more data and refined the pattern matching.

The attack can succeed over SSL (https connections) or WPA encrypted wireless sessions.

It’s like a rather complex puzzle piecing together different snippets of meta data to come out with an answer, which so far seems to be working well.


They also showed how the auto-suggestion features in Google, Yahoo!, and Bing can leak the search terms users enter, even when traffic is encrypted over WPA. That’s because the resulting packets are easy to identify by their “web flow vectors.”

The threat is significant because it stems from fundamental characteristics of software-as-a-service applications that have been in vogue for about a decade. Among other things, apps built on AJAX and other Web 2.0 technologies are usually “stateful,” meaning they keep track of unique configuration information. Such data often has “low entropy,” making it easy for attackers to make educated guesses about its contents.

While a variety of mitigations are available to prevent such attacks, the researchers warn they could come at a high cost. The most obvious solution is to “pad” responses with superfluous data that confuses attackers trying to make sense of the traffic. But the researchers showed the mitigation isn’t always effective and they also point out that it adds a considerable amount of traffic to each transaction, which in turn drives up the costs of operation.

Honestly as a real life attack, apart from corporate espionage or identity theft I don’t see how it is very practical or dangerous.

Plus mitigation will produce a lot of redundant data and increase operation costs, who wants that?

You can get the full white-paper here:

WebAppSideChannel-final.pdf [PDF]

Source: The Register

Posted in: Cryptography, Exploits/Vulnerabilities, Privacy

, , , , ,


Latest Posts:


Domained - Multi Tool Subdomain Enumeration Domained – Multi Tool Subdomain Enumeration
Domained is a multi tool subdomain enumeration tool that uses several subdomain enumeration tools and wordlists to create a unique list of subdomains.
Acunetix Vulnerability Scanner For Linux Now Available Acunetix Vulnerability Scanner For Linux Now Available
Acunetix Vulnerability Scanner For Linux is now available, now you get all of the functionality of Acunetix, with all of the dependability of Linux.
Gerix WiFi Cracker - Wireless 802.11 Hacking Tool With GUI Gerix WiFi Cracker – Wireless 802.11 Hacking Tool With GUI
Gerix WiFi cracker is an easy to use Wireless 802.11 Hacking Tool with a GUI, it was originally made to run on BackTrack and this version has been updated for Kali (2018.1).
Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.


Comments are closed.