+

Cookies on the Business Insider India website

Business Insider India has updated its Privacy and Cookie policy. We use cookies to ensure that we give you the better experience on our website. If you continue without changing your settings, we\'ll assume that you are happy to receive all cookies on the Business Insider India website. However, you can change your cookie setting at any time by clicking on our Cookie Policy at any time. You can also see our Privacy Policy.

Close
HomeQuizzoneWhatsappShare Flash Reads
 
  • Home
  • tech
  • A frightening new vulnerability could let hackers bypass the one thing that keeps us safe online

A frightening new vulnerability could let hackers bypass the one thing that keeps us safe online

Cale Guthrie WeissmanMay 21, 2015, 01:12 IST
hyku/Flickr

Researchers just discovered an online vulnerability currently being called LogJam - and it's believed to be affecting 8% of the world's biggest websites. What makes it so severe, however, is that the vulnerability stems from the type of technology most websites use to keep our personal information safe as it travels throughout the Web. LogJam is essentially a problem with encryption - which is the way computers secure data being transferred online so that third-parties have no way of intercepting communications. Using mathematical code, encryption translates all data into a huge garble of numbers that only the source and recipient can decode.Researchers found that certain hackers can attack "keys," which are the things that code and decode encrypted data. Keys are long strings of numbers that hide the content of the data being transferred. The longer the key, the more secure the code.LogJam, however, makes it possible in certain situations for attackers to change these long, strong keys into shorter, weaker keys - making them much easier crack. And, web browsers can't even tell that the keys have been tampered with. LogJam affects more than 8% of the top million websites on the internet, meaning that nearly one out of every ten website you go to likely has this issue.

And there's even more bad news about our current encryption practices: The paper discussing this vulnerability also revealed that what are considered 'midlevel' encryption keys are actually easier to crack that originally thought.

This means that if a website uses these keys, well-resourced attackers can actually intercept those communications too.

The ramifications of LogJam are huge on a theoretical level, though perhaps less so in application. What makes the vulnerability seem so threatening is the idea that the current practice in place for protecting our online identities may not be as secure as we think. "Cryptography makes certain promises about confidentiality, and this vulnerability violates that trust," Tod Beardsley from security firm Rapid7 wrote in a statement.In that sense, LogJam is similar to the Heartbleed bug, which was thought by many to be one of the most chilling online bug discoveries.

Still, the point of entry for LogJam is very slight. The only way to successfully capitalize on the LogJam bug is to be on the same network as the person you're trying to intercept at the same time as them. Otherwise, you would need extensive digital resources, such as those granted to the government.

"Either they are real close by - in the same network," said Beardsley in a phone conversation with Business Insider. "Or, they are in the internet." This latter part means state actors who "control a big chunk of whatever the backbone is."

In other words, unless the attacker is sharing the same Wi-Fi network as you, it's extremely difficult to perform this attack unless your part of a large-scale surveillance program backed by millions of dollars.

All the same, the ramifications are still palpable. LogJam creates the sort of encryption backdoor at which state sponsored surveillance rings would salivate.

Following this news, browsers are already scrambling to implement patches to fix the problem. Google and Mozilla both responded to The Wall Street Journal saying their browsers would not support these weak keys within the coming weeks. Additionally, many of the servers still using these weak keys are scrambling to update their systems.

NOW WATCH: Kids settle the debate and tell us which is better: an Apple or Samsung phone

Please enable Javascript to watch this video
You are subscribed to notifications!
Looks like you've blocked notifications!
Latest Stories
Govt proposes task force to push for 500 GW renewable energy capacity target
Indian smartphone shipments grow 5.6% in Q3 2024, Vivo leads the market
Oscar-winning director Steve McQueen speaks out on prostate cancer diagnosis and recovery journey
India's BPM industry to see sharp demand for AI-skilled talent over the next 3-5 years
JioStar announces plans starting at ₹15 – here’s everything you need to know
Trending News
Next Article
Next Story
Popular Categories
Trending Right Now

Copyright @ 2024. Times Internet Limited. All rights reserved.For reprint rights. Times Syndication Service.