
Image credit: AP Photo/Mark Lennihan

Russian hackers modify Chrome and Firefox to track secure web traffic

The perpetrators may have Russian government support.

Many hackers won't touch web browsers beyond exploiting their vulnerabilities, but one group is taking things one step further. Kaspersky has detailed attempts by a Russian group, Turla, to fingerprint TLS-encrypted web traffic by modifying Chrome and Firefox. The team first infects systems with a remote access trojan and uses that to modify the browsers, starting with installing their own certificates (to intercept TLS traffic from the host) and then patching the pseudo-random number generation used to negotiate TLS connections. That lets them add a fingerprint to every TLS action and passively track encrypted traffic.

Just why the intruders would need to do that isn't entirely clear. If you've infected a system with a remote control trojan, you don't need to patch the browser to spy on traffic. ZDNet suggested it might be a failsafe that lets intruders spy on traffic for people who remove the trojan, but aren't cautious enough to reinstall their browsers.

The perpetrators appear to be easier to identify, and that might reveal their motives. Turla is believed to work under the protection of the Russian government, and initial targets were located in Russia and Belarus. The group is sophisticated enough to have compromised Eastern European internet providers in the past to infect otherwise clean downloads. This may be an attempt to snoop on dissidents and other political targets using a method that's difficult to thwart.
