Last week, PC maker Lenovo was called out for shipping laptops with adware, called “Superfish,” pre-installed – an incident that led Facebook to investigate the larger issue of SSL-interception software being delivered to users inside seemingly harmless applications.
Facebook found that more than a dozen other applications used the same third party SSL decryption library from Komodia that Superfish relies on “to modify the Windows networking stack and install a new root Certificate Authority (CA),” the company revealed Friday on its Protect the Graph security blog.
When the Lenovo news surfaced last week, security experts noted that the Superfish issue was so troubling because it enables man-in-the-middle (MitM) attacks via a self-signed root certificate: anyone holding the matching private key can intercept encrypted SSL connections and, ultimately, eavesdrop on, steal or modify users' data as they read webmail or sign into online banking, among other online activities.
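To make concrete why a locally trusted self-signed root is so dangerous, the following added example (not code from the article, Facebook, Komodia or Superfish) uses openssl to build a rogue root CA, forge a certificate for a hostname the rogue CA's owner never controlled, and check it as a client would. It assumes `openssl` is on the PATH; the CA names, the hostname `online-banking.example` and the file names are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the article: a locally trusted self-signed root lets its
# key holder forge a certificate for any site. Assumes `openssl` is installed.
set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# Helper: a self-signed root CA with the given name. The private key is what
# matters: whoever holds it can sign a leaf certificate for any hostname.
make_root() {
  name="$1"; subj="$2"
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
    -subj "$subj" -keyout "$WORK/$name.key" -out "$WORK/$name.crt" >/dev/null 2>&1
}

# The rogue root stands in for the CA an interception product drops into the
# machine's trusted-root store; the public root stands in for the browser's
# normal trust store (illustrative names, not real CAs).
make_rogue_root()  { make_root rogue  "/CN=Example Interceptor Root CA"; }
make_public_root() { make_root public "/CN=Example Public Root CA"; }

# Forge a leaf certificate for a hostname using the rogue root's private key.
forge_leaf() {
  host="$1"
  openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/CN=$host" \
    -keyout "$WORK/$host.key" -out "$WORK/$host.csr" >/dev/null 2>&1
  printf 'subjectAltName=DNS:%s\n' "$host" > "$WORK/$host.ext"
  openssl x509 -req -sha256 -days 30 -in "$WORK/$host.csr" \
    -CA "$WORK/rogue.crt" -CAkey "$WORK/rogue.key" -CAcreateserial \
    -extfile "$WORK/$host.ext" -out "$WORK/$host.crt" >/dev/null 2>&1
}

# Validate the forged leaf against one trust store ("rogue" or "public").
# Prints "trusted" if the chain verifies, "rejected" otherwise.
verify_leaf() {
  host="$1"; store="$2"
  if openssl verify -CAfile "$WORK/$store.crt" "$WORK/$host.crt" >/dev/null 2>&1; then
    echo trusted
  else
    echo rejected
  fi
}

# Demo: the same forged certificate is rejected by a normal trust store but
# accepted once the rogue root has been installed as trusted.
make_rogue_root
make_public_root
forge_leaf online-banking.example
echo "public store only:     $(verify_leaf online-banking.example public)"
echo "rogue root installed:  $(verify_leaf online-banking.example rogue)"
```

The second root only stands in for the public CA set; in practice the browser trusts hundreds of roots plus whatever the operating system store holds, which is exactly where Superfish's certificate was placed. The risk is compounded when the root's private key leaves the vendor: Superfish shipped the same root key on every affected laptop, and it was extracted within a day of the news, so anyone on a victim's network path could run the forgery step above.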
Matt Richard, a threats researcher on Facebook’s security team, who authored the Friday post, explained that the company teamed with Carnegie Mellon University researchers in 2012 to start tracking the prevalence of SSL MitM attacks in the wild.
Through its research, released soon after the Lenovo-Superfish news, Facebook observed a number of certificate issuers, including CartCrunch Israel LTD, WiredTools LTD, Say Media Group LTD, and ArcadeGiant, leveraging the Komodia library.
Read the Full Article: Source – SC Magazine