Security researchers Juliano Rizzo and Thai Duong have developed a new attack on the TLS protocol, called CRIME, that uses the compression ratio in TLS requests as a side channel to gather information that enables them to decrypt the requests and extract users’ cookies. The attack works against both the TLS layer and the application layer, and many major browsers, including Chrome and Firefox, are vulnerable. This video shows one of their exploits in action.
Demo of the CRIME TLS Attack
Author: Dennis Fisher
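The compression side channel described above can be measured directly. The following is an added example, not code from the researchers or the article: it compares the on-the-wire size of a request with compression on and off. The cookie value, host name and function names are constructed for illustration, and zlib stands in for the compression applied before encryption.

```python
import zlib

# Constructed sample data: a made-up session cookie, not taken from the article.
SECRET_COOKIE = "sessionid=7f3a9c1e5b2d4086a1c9e7f3b5d20864"

# Equal-length candidate strings placed in the request path (constructed).
CANDIDATES = [
    "sessionid=GHJKLMNPQRSTUVWXYZghjklmnpqrstuv",
    SECRET_COOKIE,
    "sessionid=vutsrqpnmlkjhgZYXWVUTSRQPNMLKJHG",
]

def build_request(path_text: str) -> bytes:
    """Request whose path is externally influenced and whose cookie the browser adds."""
    return (
        f"GET /{path_text} HTTP/1.1\r\n"
        "Host: example.test\r\n"
        f"Cookie: {SECRET_COOKIE}\r\n\r\n"
    ).encode()

def wire_length(request: bytes, compress: bool) -> int:
    """Size an on-path observer sees. Encryption hides content, not length;
    the constant per-record overhead is left out."""
    return len(zlib.compress(request)) if compress else len(request)

def lengths(compress: bool) -> dict:
    """Observed length for each candidate."""
    return {c: wire_length(build_request(c), compress) for c in CANDIDATES}

def distinguishable(compress: bool):
    """Return the candidate with a uniquely smallest length, or None if sizes do not single one out."""
    sizes = lengths(compress)
    smallest = min(sizes.values())
    winners = [c for c, n in sizes.items() if n == smallest]
    return winners[0] if len(winners) == 1 else None

if __name__ == "__main__":
    for mode in (True, False):
        print("compression on" if mode else "compression off")
        for cand, n in lengths(mode).items():
            print(f"  {n:4d} bytes  {cand}")
        print("  singled out:", distinguishable(mode))
```

With compression on, the request that repeats the real cookie is the shortest because the second copy collapses into a back-reference; with compression off, all three requests have the same length and nothing is revealed by size.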