Category Archives: Vulnerability Research

SignWise Chrome plugin leaks ID card certificate to arbitrary web sites

signwise_privacy_leak

If you have installed the SignWise plugin (available for Windows and OSX, up to at least version 1.10) to your computer, beware of privacy considerations. SignWise Chrome extension forwards the end-user certificate of the inserted eID smart card without any user interaction to any website, in plain text!

A malicious web site has to embed only a few lines of JavaScript code to collect certificate information from its visitors:

var s = new SignWiseChromePlugin();
s.getAuthenticationCertificate(function(v, e) {…

Similar flaw in 2010 was observed in the official EstEID browser plugin. Will see how much time it will take for SignWise to fix this flaw.

Update from the SignWise Team:

SignWise is happy that our software and services are used by the experts who value the high level security. We are sorry that our provided software had such a problem as described in your post. As of today (12.03.2015) we are happy to inform that your described problem is solved and user information is not shared anymore as described in your post. Our products: SignWise Services (https://www.signwise.org) and SignWise Portal (https://portal.signwise.org) have been built following highest standards of security and strict confidentiality in mind and following the business and security requirements and demands to e-sign high-value electronic documents both in-country and cross borders.

Links:
http://martinpaljak.net/sign/swhack.html
http://id.anttix.org/leak/leak.html

Mobile Pwn2Own 2014: Estonian hacked Nexus 5 using Wi-Fi attack

PacSec2014_pwn20wn

Researchers hacked several of the latest popular smartphones during the Mobile Pwn2Own competition that took place alongside the PacSec Applied Security Conference in Tokyo on November 12-13.

The competition, organized by HP’s Zero Day Initiative (ZDI) and sponsored by BlackBerry and the Google Android Security team, targeted the Amazon Fire Phone, iPhone 5s, iPad Mini, BlackBerry Z30, Google Nexus 5 and Nexus 7, Nokia Lumia 1520, and Samsung Galaxy S5.

Jüri Aedla of Estonia used a Wi-Fi attack against a Nexus 5, but failed to elevate his privileges, HP said.

Links:
http://www.securityweek.com/mobile-pwn2own-2014-iphone-5s-galaxy-s5-nexus-5-fire-phone-hacked