Defcon: Researchers warn software updates can be hijacked

04 August 2009

Researchers with Radware were busy over the weekend showing a Defcon audience how a classic man-in-the-middle attack could be engineered when notebook computers attempt to seek out updates for their software across public access WiFi networks.

Using a demo programme called Ippon - which means 'one full point' in Japanese martial arts and is used to signal a knock-out in judo - Radware's researchers showed how requests for updates from around 100 popular applications could be intercepted and replied to with an infected payload.

Itzik Kotler, team leader of Radware's security operations centre, along with his colleague Tomer Bitton, showed a Defcon audience how Ippon customises messages for the particular application and sends a message indicating there is an update available.

A malicious file is then downloaded from the attacker's server onto the victim's computer.

The bottom line of the demonstration, Infosecurity notes, seems to be not to allow updates to take place when using a public access WiFi network.
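The article does not say how the affected applications check for updates. As an added example (not Radware's or any vendor's code), this Go program shows a client-side check that rejects a spoofed "update available" reply: the notice must verify against a vendor public key built into the application, and the downloaded file must match the digest in the signed notice. The `Manifest` fields, function names, URLs and the key are assumptions constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// Manifest is a hypothetical "update available" notice (field names are assumptions).
type Manifest struct{ App, Version, URL, SHA256 string }
func digest(b []byte) string { s := sha256.Sum256(b); return hex.EncodeToString(s[:]) }

// DemoKey returns a constructed vendor key pair; a real client ships only the public half.
func DemoKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	priv := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize))
	return priv.Public().(ed25519.PublicKey), priv
}

// SignNotice stands in for the vendor's release process.
func SignNotice(priv ed25519.PrivateKey, m Manifest) (notice, sig []byte) {
	notice, _ = json.Marshal(m)
	return notice, ed25519.Sign(priv, notice)
}

// CheckUpdate accepts an update only if the notice verifies against the built-in vendor key and the file matches the signed digest.
func CheckUpdate(vendor ed25519.PublicKey, notice, sig, file []byte) (*Manifest, error) {
	if !ed25519.Verify(vendor, notice, sig) {
		return nil, errors.New("notice not signed by vendor key")
	}
	var m Manifest
	if err := json.Unmarshal(notice, &m); err != nil {
		return nil, err
	}
	if digest(file) != m.SHA256 {
		return nil, errors.New("file does not match signed digest")
	}
	return &m, nil
}

func main() {
	pub, priv := DemoKey()
	file := []byte("constructed update file")
	notice, sig := SignNotice(priv, Manifest{"demo-app", "2.0", "http://updates.example/demo.bin", digest(file)})
	_, ok := CheckUpdate(pub, notice, sig, file)
	_, bad := CheckUpdate(pub, []byte(`{"App":"demo-app","Version":"9.9"}`), sig, file)
	fmt.Println("vendor notice:", ok, "| rewritten notice:", bad)
}
```

Because the check depends on the signature rather than on the transport, it gives the same answer whether the notice arrived over a trusted network or a public access WiFi network.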

 

This article is featured in:
Malware and Hardware Security • Wireless and Mobile Security

 
