Zero Day Vulnerability in Social Networking Service LinkedIn - BestCyberNews: Online News Presenter in the present world

Zero Day Vulnerability in Social Networking Service LinkedIn

Zuk Avraham, founder and CEO of Zimperium, found that an attacker can extract a LinkedIn user’s credentials, hijack their session to gain access to all other LinkedIn information, and impersonate the user.

LinkedIn has left its users exposed to potential exploitation, due to the way the site uses Secure Sockets Layer (SSL) encryption.

All users are vulnerable to this attack, and the vulnerability doesn’t exist only when an attacker is on the same network as the target.

If an attacker has already compromised a device, once that device enters a different network, the attacker can use the victim’s device to attack other users on the same network.

A hacker can use a MITM attack to intercept a user’s communication by replacing all “https” requests with their non-encrypted form, “http”. This technique is known in the security community as “SSL stripping”.

This allows the attacker to read everything the victim does in plain text. Once the attacker has extracted a user’s credentials, they can reuse the user’s credentials or session cookies to authenticate and forge the exact session.

With LinkedIn, the default login page uses SSL so that users’ credentials (i.e., username and password) are sent securely to the server. Once user authentication succeeds, the site redirects to http:// for the remainder of the time the user is browsing LinkedIn.

When a user types linkedin.com into their desktop browser, they are redirected to https://www.linkedin.com. The username and password typed into the https:// page are sent to the server in an encrypted form that cannot be read.


After login, the data is sent over an unencrypted channel, where an attacker can intercept the communication using a “Man-in-the-Middle” (MITM) attack and ‘sniff’ it.

In this MITM attack, the attacker strips all https:// requests to http:// in order to intercept the victim’s traffic, meaning all the communication data will be in plain text and easily read by the attacker. This attack is possible when an attacker is on the same network as the victim.
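The pattern described above (login over https://, then a redirect to http:// with the session cookie still in use) can be checked from a site's own response headers. The following is an added example, not code from the article or from LinkedIn: the function name, the finding labels and the example.test responses are constructed, and it assumes the standard mitigations for SSL stripping, namely the Strict-Transport-Security header and the Secure cookie attribute.

```python
# Added example: constructed responses and hypothetical names throughout.
from urllib.parse import urlsplit

def audit_response(url, headers):
    """Return findings for one HTTP response; headers is a list of (name, value)."""
    findings = []
    over_tls = urlsplit(url).scheme == "https"
    names = {n.lower() for n, _ in headers}
    # Without HSTS the browser will still follow a stripped http:// link.
    if over_tls and "strict-transport-security" not in names:
        findings.append("missing-hsts")
    for name, value in headers:
        lname = name.lower()
        if lname == "location" and over_tls and urlsplit(value).scheme == "http":
            # Post-login downgrade: the rest of the session runs in plain text.
            findings.append("downgrade-redirect")
        elif lname == "set-cookie":
            parts = [p.strip() for p in value.split(";")]
            cookie_name = parts[0].split("=", 1)[0]
            attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
            if "secure" not in attrs:
                # Cookie is also sent on http:// requests, where it can be sniffed.
                findings.append(f"cookie-not-secure:{cookie_name}")
    return findings

# Constructed sample: https login that hands the session over to http.
WEAK = ("https://www.example.test/login", [
    ("Location", "http://www.example.test/home"),
    ("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
])
# Constructed sample: same flow with HSTS, https redirect and Secure cookie.
HARDENED = ("https://www.example.test/login", [
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Location", "https://www.example.test/home"),
    ("Set-Cookie", "session=abc123; Path=/; HttpOnly; Secure"),
])

if __name__ == "__main__":
    for label, (url, hdrs) in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_response(url, hdrs) or "ok")
```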





Author: Venkatesh Yalagandula