The attackers can access the keys needed to decrypt traffic going through the appliances.
Comment on Thousands of customers imperiled after nation-state ransacks F5’s network
Lost_My_Mind@lemmy.world 17 hours ago
Me: Uh-huh. Uh-huh. Uh-huh
Those certainly are some words that I understand separately, but not together.
Brkdncr@lemmy.world 14 hours ago
tal@lemmy.today 16 hours ago
There is a class of products that consist of a hardware box that you ram your traffic moving between different business locations through that then tries to accelerate it. F5 is one manufacturer of them. One technique these use is to have private key material such that they can pretend to be the server at the other end of a TLS connection — that’s most of the “encrypted” traffic that you see on the Internet. If you go to an “https” URL in your Web browser, you’re talking TLS, using an encrypted connection. They can then decode the traffic and use various caching and other modification techniques on the decoded information to reduce the amount of traffic moving across the link and to reduce effective latency, avoid transferring duplicate information, etc. Once upon a time, when there was a lot less encrypted traffic in the world, you could just do this by working on cleartext data, but over time, network traffic has increasingly become encrypted. Many such techniques become impossible with encrypted traffic.
The problem is that to let this box impersonate such a server so that it can get at the unencrypted traffic, they have to have a private key that permits them to impersonate the real server. Having access to this key is also interesting to an attacker, because it would similarly let them impersonate the real server, which would let them view or modify network traffic in transit. If one could push new, malicious software up to control these boxes, one could steal these keys, which would be of interest to attackers in attacking other systems.
It sounds, to my brief skim, like attackers got control of the portion of F5’s internal network that is involved with building and distributing software updates to these boxes.
paraphrand@lemmy.world 15 hours ago
Sounds like an inbuilt self-inflicted back door on encryption to me!
Back doors are always bad!