Slashdot Mirror

← Back to Stories (view on slashdot.org)

Cyberoam Packet Inspection Devices Open Traffic To Third Parties

Posted by Unknown on from the security-through-oh-screw-it dept.

New submitter jetcityorange tipped us to a nasty security flaw in Cyberoam packet inspection devices. The devices are used by employers and despotic governments alike to intercept communications; in the case of employers probably for relatively mundane purposes (no torrenting at work). However, the CA key used to issue fake certificates so that the device can intercept SSL traffic is the same on every device, allowing every Cyberoam device to intercept traffic that passed through any other one. But that's not all: "It is therefore possible to intercept traffic from any victim of a Cyberoam device with any other Cyberoam device - or, indeed, to extract the key from the device and import it into other DPI devices, and use those for interception. Perhaps ones from more competent vendors."

1 of 29 comments (clear)

  1. Re:Why should they be competent by Jeremiah+Cornelius · · Score: 4, Interesting

    The most interesting aspect of this story, NOT HIGHLIGHTED IN THE SUMMARY, is that this was discovered by volunteers on the TOR project - and was being used as a compromise of a TOR node.

    --
    "Flyin' in just a sweet place,
    Never been known to fail..."