Skip to main content
banner image
venafi logo

Encryption Digest 2: Cookie theft, spyware and why PKI is still cool

Encryption Digest 2: Cookie theft, spyware and why PKI is still cool

Encryption Digest 2: PKI and Cookie Theft and Spyware. Apple Enterprise Program, stalkerware
April 20, 2019 | Katrina Dobieski
Forget the sophisticated spyware – these days all a hacker need do is install a bit of malware and happen upon some unprotected cookies to snag the keys to a company’s kingdom.

As VPN service providers notice cookies stored in unencrypted memory logs, they are issuing fixes just as fast. Encryption goes both ways as PKI loses zero relevance in the changing landscape of an IoT takeover, and Apple’s Enterprise Program gets abused as dealers roll out invasive apps designed to syphon data. Catch up on what’s trending in encryption news as we scour top headlines to bring you the industry’s latest.

 

PKI: Why We Won’t Stop Talking About It

Ten years ago, PKI (Public Key Infrastructure) validated information about a specific individual, issuing them a certificate from a trusted third-party Certificate Authority. The CA would use their top-secret private key to validate your public one, issuing a certificate that allowed information to pass through to you, the right person. Your email account wasn’t just hacked.

In today’s world, humans are no longer required to authenticate their every online action. Processes are becoming lean and automated and machines are proliferating like forest bunnies. With IoT devices replacing humans on nearly every level, is PKI still relevant? Read the full article.

 

Vulnerable VPNs leave Companies Open to Attack

What happens when you don’t lock up the cookies? A security advisory is issued by the US’ Computer Emergency Response Team (CERT) and two major VPN service providers issue immediate patches.

The dilemma came from VPN providers failing to encrypt memory and log files where cookies were stored on client computers. These cookies save usernames and passwords to avoid manual logins. However, with a bit of malware a hacker could use the unprotected cookies to gain access to the VPN, running all the same applications as the user. F5 was previously a victim of this type of vulnerability, since patching the problem and suggesting two-factor authentication for any lingering complications. Read the full article.

 

Apple’s Enterprise App Leveraged for Spyware

The Enterprise Program and its lowered permissions were originally designed to give companies leeway to create “proprietary in-house apps” for their employees; now shady developers marketplace illegal downloads, bootlegged games and data-harvesting grime.

Of primary concern is a stalkerware app linked to surveillance developer Conexxa. The malware was discovered by Lookout, who linked it to mobile networks in Italy and Turkmenistan. Once installed, it can pick your iPhone clean of contacts, audio, video and real-time location, including dropping in on your phone calls. The use of pinned certificates implicated it as a professionally developed app. Read the full article.


Related Posts

Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

See Popular Tags

You might also like

Huawei mobile devices

Encryption Digest 7 | Lethal Apps, Contraband Huawei and A Door that Unlocks Itself

Encryption, Sectigo, EV certificate, extended validation certificate

Encryption Digest 6 | Bank Threats, Leaked Secret Keys and HTTPS Phishing

Encryption, encryption backdoor, HIPAA

Encryption Stories That Caught Our Eye | June 14

About the author

Katrina Dobieski
Katrina Dobieski

Katrina writes for Venafi's blog and helps optimize Venafi's online presence to advance awareness of Machine Identity Protection.

Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon
Venafi Risk assessment Form Image

Sign up for Venafi Cloud


Venafi Cloud manages and protects certificates



* Please fill in this field Please enter valid email address
* Please fill in this field Password must be
At least 8 characters long
At least one digit
At last one lowercase letter
At least one uppercase letter
At least one special character
(@%+^!#$?:,(){}[]~`-_)
* Please fill in this field
* Please fill in this field
* Please fill in this field
*

End User License Agreement needs to be viewed and accepted



Already have an account? Login Here

×
get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more
Chat