0

In order to decrypt HTTPS you need the public key and the private key. How can a hacker acquire the private key?

What exactly does he have to do to get it? I read that they use packet sniffers like Wireshark to decrypt HTTPS, is this true?

I also read somewhere that the hacker needs to have physical access of your device (computer, smartphone) to get the private key.

So if your router gets hacked is decryption of https possible and can the complete url of sites that you visit be viewed?

ThoriumBR
  • 51,983
  • 13
  • 131
  • 149
Marecz
  • 11
  • 1

4 Answers4

3

So if your router gets hacked is decryption of https possible and can the complete url of sites that you visit be viewed?

In order to decrypt HTTPS one must first be some man in the middle to get access to the traffic and second have the private key for the server in question. With the server doing DH key exchange (most servers today, since RSA key exchange is obsolete) one must also be able to modify the traffic and claim the identity of the server, i.e. active man in the middle and not only one passively sniffing.

Hacking the router might provide the ability to sniff and modify the traffic. But the private key of some server on the internet is private to this server. There is no access to this key on the router or on the client since it gets never transmitted - all what the server does is prove that it owns the key by signing some challenge. Thus neither (in case of RSA key exchange) passive sniffing and decryption of the HTTPS traffic from arbitrary servers on the router will work, nor active interception (required in most cases) with claiming the server identity.

Note that this is different if the router is not just a dumb router forwarding traffic, but an actual security device which is explicitly trusted by the clients to do TLS man in the middle. In this case hacking such a "router" (or better called "firewall" or "corporate proxy") will give the hacker also access to the decrypted traffic, since decrypting the traffic for introspection is an explicit feature of the device. See also How does SSL Proxy server in company work?.

Steffen Ullrich
  • 190,458
  • 29
  • 381
  • 434
  • Server privatekey can decrypt a passive=sniffed (not active=MitMed) session only if plain-RSA keyexchange was used, but post-Snowden most things prefer [EC]DHE, and TLS1.3 now requires it (except _optionally_ on resumption). – dave_thompson_085 May 03 '22 at 01:53
  • @dave_thompson_085: Correct, I've added more detail to make this more clear. – Steffen Ullrich May 03 '22 at 03:13
  • @SteffenUllrich is active interception with claiming the server identity a man in the middle attack? – Marecz May 07 '22 at 16:05
  • @SteffenUllrich can the private key be acquired with a man in the middle attack? – Marecz May 07 '22 at 16:22
  • @Marecz: No, the private key stays private to the server. It gets never transmitted. It is only used to sign some challenge so that the client can verify that the server actually knows the private key matching the public key of the certificate. – Steffen Ullrich May 07 '22 at 17:04
0

A hacker cannot decrypt your TLS traffic by hacking your router. The key is generated by the server on the TLS transaction, and it will never be transmitted anywhere.

I read that they use packet sniffers like Wireshark to decrypt HTTPS, is this true?

Yes, but only if they get the symmetric key first. To get that, you need to instruct your TLS client to write the TLS key somewhere, and you load that key on Wireshark. Unless you do so, Wireshark cannot decrypt anything.

the hacker needs to have physical access of your device(computer, smartphone...) to get the private key

Law #3 of Security: If a bad guy has unrestricted physical access to your computer, it’s not your computer anymore.

If anyone have physical access, they don't need to get your keys. They can just alter any software you have to send them the traffic before the encryption. No need to hack your router.

So if your router gets hacked is decryption of HTTPS possible and can the complete URL of sites that you visit be viewed?

No and no. The hacker can know the domain you are accessing (because of the SNI). Encrypted SNI could protect even the domain name, but it's not still in widespread use.

ThoriumBR
  • 51,983
  • 13
  • 131
  • 149
  • so its impossible to decrypt https, the only way to do that is if the attacker has physical access of your device? – Marecz May 07 '22 at 15:49
  • It's impossible to decrypt HTTPS unless the private key of the server is compromised or your device is compromised (physically or not). – ThoriumBR May 07 '22 at 22:16
0

Note that in an https connection, the client does not have a private key - only the server does.

Having said that, there are many ways that an adversary can view and/or modify your network connection. For example:

  • Your ISP is in a position to view and/or modify your network connection.
  • If you use public wifi (for example, at a coffee shop), the wifi provider is able to view and/or modify your network connection.
  • If your router is hacked, the attacker is in a position to view and/or modify your network connection.

However, being in a position to view and/or modify your network connection is only half the battle. If you connect to sites by https, then being in a position to view and/or modify your network connection is of little good to the attacker, unless:

  • The attacker has the private key of the server. In this case, the attacker would be able to use the server's certificate and the private key to impersonate the server. See this question for more info.

  • The attacker dupes you into trusting a fake certificate for the site, and mounts an MITM attack. See this Wikipedia article for more information.

mti2935
  • 21,098
  • 2
  • 47
  • 66
  • how can the attacker get the private key? If the lock shows on the webpage that the attacker cant dupe you right? – Marecz May 07 '22 at 15:54
  • @Marecz If the attacker is able to gain access to the real server (e.g. through a remote vulnerability), then he can steal the real server's private key. Then, if he is in a position to view/modify the victim's network connection, he can use the real server's certificate and private key to impersonate the real server, and the lock symbol on the victim's browser will show as trusted. – mti2935 May 07 '22 at 16:01
0

You don't need RSA key pair on your side to securely communicate via HTTPS. Browser agrees with the server about keys for the current session. See details here. At one of steps the server sends to the browser data signed by its key. The browser validates the signature and knows for sure that the data really come from the expected server and that these data were not modified.

If the attacker reads your traffic e.g. with Wireshark, this will not harm, because Diffie-Hellman key exchange does not reveal secrets.

If the attacker attempts to manipulate the traffic, e.g. using your compromised router, the browser will report the server signature as invalid and will refuse to establish connection.

As long as your device is not compromised, and if the server supports TLS 1.3, a compromised router will not allow to read your HTTPS traffic.

If your device is compromised, then of course you cannot be sure: An attacker can install forged CA certificates and use it for a man-in-the-middle attack, or your browser can be infected with a malicious code so that your traffic will be known to the attacker, and so on.

mentallurg
  • 10,256
  • 5
  • 28
  • 44
  • by compromised device you mean if the attacker has physical access of your device? – Marecz May 07 '22 at 15:44
  • @Marecz: No. Or more precisely, not only that. By compromised device I mean the case when the attacker can control your device. If this happens remotely via some malware or via physical access, does not matter. – mentallurg May 07 '22 at 15:53