Home > Wireless security > SSLstrip: Even Careful Users Can Be Trapped by Wireless Honeypots

SSLstrip: Even Careful Users Can Be Trapped by Wireless Honeypots

August 9th, 2009

Moxie Marlinspike presented SSLstrip at Blackhat early this year. The author made observation as to how most people initiate access to secure (HTTPS) websites using insecure connection (HTTP) which creates opportunity for the man-in-the-middle (MITM) attacker to get into the middle of the connection without flashing certificate mismatch message on the user’s machine. It is also possible to display a fake lock icon on the browser. This is unnerving because even those scrupulous users who pay heed to the certificate mismatch warnings can no more avoid MITM attacks by just doing that.

This exploit is also particularly interesting for wireless security because of the ease with which it is possible to get in as MITM over Wi-Fi link using Honeypot (Evil Twin) tools. Once the MITM is established with the victim over Wi-Fi, exploits such as SSLstrip can make the job of the attacker all the more easier as even the scrupulous user will not suspect anything amiss as there won’t be certificate mismatch warning plus there will be a lock icon displayed next to the URL in the browser.

Useful links on information on SSLstrip:

 

Hemant Chaskar

Hemant Chaskar is Vice President for Technology and Innovation at AirTight. He oversees R&D, product strategy, and intellectual property.Hemant has more than 15 years of experience in the networking, wireless, and security industry and holds several patents in these areas.

Twitter 

Wireless security , , , , ,

Comments

  1. Kiran G
    November 10th, 2009 at 10:00 | #1

    Looks like more SSL vulnerabilities are being discovered:
    http://darkreading.com/security/vulnerabilities/showArticle.jhtml?articleID=221600523

  1. No trackbacks yet.

Your email address will not be published. Required fields are marked *