The beauty of the technique presented by Alex Pilosov and Kapela is that hackers don’t need to break into websites or plant malicious computer code to control and tamper with data travelling the Internet, the presentation showed.

That’s because instead of trying to subvert security systems, the hackers concentrated on fooling compuers into sending their data to the wrong destination. Currently, the networks responsible for managing the traffic on the internet enjoy an automatic trust. If one network claims that they can move the data the fastest, then they are made responsible for accepting the information and making sure it reaches its destination—without any question of the network’s legitimacy.

All Pilosov and Kapela was to make their network claim that they could handle the data most efficiently, and they were able to gain access to the information practically everyone at DefCon was sending online. Theoretically, by applying this exploit on a larger scale, it will be possible for hackers to pretend that they’re someone else. By mimicking a trusted website for instance, it’s possible to get people’s personal and credit card info.

Kudos to Pilosov and Kapela for making their findings public. Staying transparent about vulnerabilities is always the best way to deal with them, as the information needed to counter such exploits is as widely available as possible. Let’s see how companies and manufacturers respond to this.

Post from: The Gadget Blog