- Dec 30, 2012
- 4,809
The latest version of the Chrome browser, version 69, released yesterday, includes a critical patch for a design issue that an attacker could exploit to steal WiFi logins from home or corporate networks.
The issue is that older versions of Chrome would auto-fill usernames and passwords in login forms loaded via HTTP.
Elliot Thompson, a researcher with UK cyber-security firm SureCloud, put together a technique that exploits this design issue in a complex multi-step attack through which he was able to steal WiFi login data, something that Chrome doesn't even handle in the first place.
His attack, which he named Wi-Jacking (also WiFi Jacking), works with Chrome on Windows. The steps for executing a Wi-Jacking attack are detailed below:
More
The issue is that older versions of Chrome would auto-fill usernames and passwords in login forms loaded via HTTP.
Elliot Thompson, a researcher with UK cyber-security firm SureCloud, put together a technique that exploits this design issue in a complex multi-step attack through which he was able to steal WiFi login data, something that Chrome doesn't even handle in the first place.
His attack, which he named Wi-Jacking (also WiFi Jacking), works with Chrome on Windows. The steps for executing a Wi-Jacking attack are detailed below:
More