Certificate Verification Vulnerability in Windows 10 Allowed Hacker to Play Rick Astley’s Video Song on Agency Website.
On Tuesday, Microsoft released an urgent update addressing a critical Windows 10 vulnerability discovered by the US National Security Agency (NSA). The vulnerability (CVE-2020-0601) revolves around the validation of security certificates and causes browsers to display malicious websites as secure and encrypted.
To demonstrate how this vulnerability can be exploited, security researcher Saleem Rashid decided to play with the NSA itself. He shared an image of his attack technique on Twitter showing how he was able to exploit the vulnerability.
The images also show how users accessing nsa.gov are directed to a video of singer Rick Astley singing his popular ’80s hit song “Never Gonna Give You Up.” The practice is known on the internet as “Rickrolling” and is commonly used as a prank. Rashid did the same with the GitHub website, a platform popular among software developers.
Upon learning of the flaw, Rashid devised a technique that works against both the Chrome and Edge browsers. Contacting the Ars Technica website, he explained that it required only 100 lines of code to build his tool, but that he could do so with only 10 if he removed some useful functionality.
In practice, the vulnerability causes certificate validation to be completely broken, affecting websites, software updates, VPNs, and various other services that are crucial to computer security.
— ✨saleem✨ (@saleemrash1d) January 15, 2020
Nevertheless, according to Ars Technica, carrying out this attack in the real world would not be easy, because a number of factors mean an attacker would have to target someone specific. The most common method would involve a technique known as “man-in-the-middle,” where the victim and the cybercriminal are usually connected to the same network and data traffic is tampered with while the victim accesses a site. Another option would be to have the victim click on a fake URL.
That said, the NSA notes that, despite all the limitations, it is only a matter of time before more sophisticated cybercriminals understand the vulnerability and how to exploit it more openly. Therefore, the best way to protect yourself is to install the recently released Windows 10 update from Microsoft.
It is worth noting that Saleem Rashid is a highly skilled security researcher who for some reason keeps a low profile. Previously, Rashid demonstrated how he managed to hack the Ledger hardware cryptocurrency wallet. He also revealed how the presumably unhackable Bitfi wallet, backed by John McAfee, could be easily hacked. The company later released a statement announcing that the “unhackable” tag would be removed from its marketing materials.