
Even worse is this part:

“they really do POST everything via HTTP (not HTTPS) and there is no asymmetric (or even symmetric) encryption applied to the data which is uploaded. Everything is in the clear. If you're connected to an unencrypted WiFi network this information is being broadcast to everyone around you, to your network operator and any intermediate network hops to the command and control server.”

So not only are your photos, contacts and msgs stolen, but they are then sent to the attacker over HTTP, so the data is probably logged on every router, modem and WiFi sniffer along the way.
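The quoted report makes one concrete technical point: the exfiltration happens as plaintext HTTP POSTs, so anyone on the path can read the request line, headers and body. The following is an added example, not code from the thread or from the analysis being quoted, showing what a passive network sensor can do with that: parse a raw HTTP request as it appears on the wire and flag POSTs that look like bulk personal-data uploads. The host `c2.example.invalid`, the paths, the marker strings and the size threshold are all constructed assumptions for the demonstration.

```python
"""Flag cleartext HTTP uploads in captured traffic (added example; sample data is constructed)."""
from __future__ import annotations

from dataclasses import dataclass


@dataclass
class HttpRequest:
    method: str
    path: str
    host: str
    headers: dict[str, str]
    body: bytes


def build_post(host: str, path: str, content_type: str, body: bytes) -> bytes:
    """Assemble a plaintext POST exactly as a sniffer would see it (constructed test input)."""
    head = (
        f"POST {path} HTTP/1.1\r\nHost: {host}\r\n"
        f"Content-Type: {content_type}\r\nContent-Length: {len(body)}\r\n\r\n"
    )
    return head.encode("ascii") + body


# Constructed captures: two uploads to a hypothetical C2 host and one harmless GET.
SAMPLE_CAPTURES = [
    build_post("c2.example.invalid", "/upload", "application/json",
               b'{"contacts":[{"name":"Alice","phone":"+1555"}],"imei":"X"}'),
    b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    build_post("c2.example.invalid", "/api/photo", "image/jpeg", b"\xff\xd8\xff"),
]

# Heuristics (assumed thresholds): content types typical of file uploads,
# substrings that suggest address-book or device-identity data, and a size cut-off.
UPLOAD_CONTENT_TYPES = {"image/jpeg", "image/png", "multipart/form-data", "application/octet-stream"}
PII_MARKERS = (b"contact", b"imei", b"sms", b"phone")
LARGE_BODY = 64 * 1024


def parse_http_request(raw: bytes) -> HttpRequest | None:
    """Split a raw request into request line, headers and body; None if it is not HTTP."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        return None
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/"):
        return None
    headers: dict[str, str] = {}
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if colon:
            headers[name.strip().lower().decode("latin-1")] = value.strip().decode("latin-1")
    return HttpRequest(
        method=parts[0].decode("ascii"),
        path=parts[1].decode("latin-1"),
        host=headers.get("host", ""),
        headers=headers,
        body=body,
    )


def classify(req: HttpRequest) -> list[str]:
    """Return the reasons a request looks like a cleartext data upload (empty if none)."""
    reasons: list[str] = []
    if req.method != "POST":
        return reasons
    content_type = req.headers.get("content-type", "").split(";")[0].strip().lower()
    if content_type in UPLOAD_CONTENT_TYPES:
        reasons.append(f"upload content-type {content_type}")
    if len(req.body) >= LARGE_BODY:
        reasons.append(f"large body ({len(req.body)} bytes)")
    hits = [m.decode("ascii") for m in PII_MARKERS if m in req.body.lower()]
    if hits:
        reasons.append("body mentions " + ", ".join(hits))
    return reasons


def scan_captures(captures: list[bytes]) -> list[dict]:
    """Run the heuristics over every capture and collect the suspicious ones."""
    findings = []
    for raw in captures:
        req = parse_http_request(raw)
        if req is None:
            continue
        reasons = classify(req)
        if reasons:
            findings.append({"host": req.host, "path": req.path,
                             "bytes": len(req.body), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in scan_captures(SAMPLE_CAPTURES):
        print(finding)
```

The body inspection only works because the traffic is plaintext; had the same malware used HTTPS, a sensor would see the destination host (via SNI or DNS) and the upload volume but not the content, and detection would have to rest on those metadata signals instead.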



That's not the worst part. The worst part is the attacker getting the data. The slight chance that while you're infected you also happen to be on a public wifi in the same room at the same time as a random opportunistic hacker, or that an ISP employee is risking their job by combing through petabytes of transient customer data, is much less concerning.


The attacker already got the data, HTTP or HTTPS. But by publishing over HTTP... other sniffers of public traffic also get your data.


Maybe just getting the data broadcast is the goal, and having it reach a centralised server is not the primary goal; imagine an operational theatre.


This makes sense if a state-level actor with global network visibility (including playback capabilities, aka XKEYSCORE and TEMPORA) is behind it.

Even if a C&C server is taken down, they would still be able to persist the data.


Surprising. Is it really that much more effort to make an HTTPS call instead?

