what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Goole WAP Open Proxy Vulnerability

Goole WAP Open Proxy Vulnerability
Posted Dec 31, 2008
Authored by SVRT | Site security.bkis.vn

The WAP Proxy service from Google leaves users open to attack.

tags | exploit
SHA-256 | d858eb00053caf19b8fa40d48a52153ab886ebb6575e2a62a47a1b34bb17895d

Goole WAP Open Proxy Vulnerability

Change Mirror Download
[SVRT-08-08] Google Wap Proxy Vulnerability can be exploited by Hackers to 
attack Internet Users

1. General Information
On 15 December 2008, SVRT-BKIS, from BKIS Center, has found a vulnerability
in the Wap Proxy service of Google, which allows hackers to cheat Internet
users.

With this flaw, users are to think that they are using a trustworthy service
supplied by Google while all their actions are actually performed on
websites prepared by hackers. This means hackers can easily steal users'
sensitive information. We have been warning of this hole to Google.

Details : http://security.bkis.vn/?p=310

SVRT Advisory : SVRT-08-08
Initial vendor notification : 12-16-2008
Release Date : 12-27-2008
Update Date : 12-27-2008
Discovered by : Dau Huy Ngoc - SVRT-Bkis
Security Rating : Critical
Impact : Phishing
Affected Software http://google.com/gwt/n ; http://wap.google.com/gwt/n

Proof of concept:
http://google.com/gwt/n?u=http://security.bkis.vn/Proof-of-concept/Google/GmailWap.htm

Video Demonstration : You can download at
http://security.bkis.vn/Proof-of-concept/Google/GoogleWapProxyVuln.wmv
or view at http://www.youtube.com/watch?v=h654Cj-uRQY

2. Technical Description
Google Wap Proxy, also known as Google Wireless Transcoder, is a service
that helps translate the content of an arbitrary website into XHTML format
suitable for Wap browsers on cell phones.

Making use of this service, when users access the link
http://google.com/gwt/n?u=[http://website] with their cell phones, the
content displayed by the browsers will be translated from that of the
website at [http://website]. However, if [http://website] is the address of
a website prepared by a hacker, he/she can definitely take advantage of the
service to deceive users.

In order to perform the attack, a hacker creates a website with the
interface similar to that of Google. Then he's/she's in some way sending
users a link in the form
http://google.com/gwt/n?u=[http://fake-google-website]. As this link starts
with google.com or wap.google.com, domain of Google, users might think it is
safe and follow all the operations arranged by hackers, which results in
their losing sensitive information.

In fact, if this service only translated and displayed contents of websites,
there would be no flaw to be exploited by hackers. The Achilles' heel is
that users can interact with the websites, in other words, they can still
login, input personal information and credit card information. via Wap
Proxy. If the website in effect is created by hackers, all users' actions
will be saved on hackers' servers.

And for this reason, the vulnerability is due to a design fault in Google
Wap Proxy Service. We have tested it with a fake website that has the
interface identical to the Gmail login page. When users login via the site,
their accounts and passwords will be disclosed. Follow this link to check
for the test:
http://google.com/gwt/n?u=http://security.bkis.vn/Proof-of-concept/Google/GmailWap.htm

This service supports cell phone users but due to the fact that the provided
links could be both wap.google.com and google.com, it also affects all
Internet users in general.

3. Solution
Rating this vulnerability high severity, Bkis Center recommends that users:
- Only log into their Gmail accounts at the address
www.google.com/accounts.
- Do not perform actions such as logging in, inputting sensitive
information. when using Google Wap Proxy service.
- Be cautious with strange links, even links starting with domain
names of well-known organizations like Google, Yahoo!, and Microsoft.

Credits
Thanks to Dau Huy Ngoc for working together with us in the detection and
alert process of this vulnerability.

SVRT-Bkis



Login or Register to add favorites

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close