Vulnerable endpoints

An endpoint is a computing device that communicates back and forth with the network to which it is connected: desktops, laptops, smartphones, tablets, servers, workstations, printers, and so on. The term is not limited to physical devices; it also covers, for example, browsers and web applications. All of them represent key vulnerable points of entry for adversaries.

Meanwhile, the internet keeps growing, and end-to-end encryption (E2EE) is heavily hyped. Many people now assume that because they use encryption, their data is secure. But most applications that provide an end-to-end encryption service store the encryption keys digitally inside the application. In some cases keys are stored on a server, or even in the cloud; some applications give the client control, and keys are stored on the devices. Vulnerable endpoints are a potential risk of data compromise because they can be accessed from the outside without the permission or knowledge of those responsible for them.

  • If a server is compromised, all of its contents may become available for the adversary to steal or manipulate at will. Secure websites that implement HTTPS but do not implement an HSTS policy (and HSTS preloading) can be attacked simply by hijacking an HTTP connection destined for them. This is an extremely feasible attack vector, as there are many ways in which a user can end up connecting via HTTP instead of HTTPS.

  • New attack techniques continuously exploit browser flaws and lead to the compromise of data.

  • Smartphones are generally less secure than PCs and are likely to contain messages in cleartext, so an adversary can simply try to read the communication by attacking the smartphone. This is not uncommon: intelligence services and police departments do it too, because it is easier to break into a smartphone than to break state-of-the-art encryption.

  • Users themselves may involuntarily expose protected assets to an adversary through social engineering: by giving access to keyring files, interacting with untrusted UI elements, or being lured into running a shell. E2EE can mitigate this (for example by providing UI interactions with verifiable indicators) but cannot prevent it.

  • Compromising home routers or DNS servers to point the target hostname at a server controlled by the attacker (a so-called pharming attack). A rogue Wi-Fi access point that provides internet access to nearby victims can easily change the results of DNS lookups.

  • Vulnerabilities or backdoors in device hardware, including hard drives, SSDs, memory chips, CPUs or peripherals. For example, hardware keyloggers, TEMPEST attacks and phones can be used to steal information.

  • Malware running with full local user privileges on an operating system (for example keyloggers) gives an adversary access to assets. No E2EE application can reliably protect against that. Some malware can be isolated via operating system security mechanisms or dedicated applications (Linux, Windows), but if the operating system itself is compromised …
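The HSTS point above (HTTPS without an HSTS policy and preloading leaves the initial HTTP request open to hijacking) is something a site owner can check for. The following is an added example, not code from the original article: it parses a Strict-Transport-Security header as returned by an HTTPS response and reports whether a policy is present and whether it meets the commonly published preload-list requirements (a max-age of at least one year, includeSubDomains and preload), which are assumed here from public preload documentation. The sample header sets are constructed, not taken from real sites.

```python
# Preload-list threshold assumed from public hstspreload.org documentation:
# one year in seconds.
PRELOAD_MIN_MAX_AGE = 31536000


def parse_hsts(header_value):
    """Parse a Strict-Transport-Security value (RFC 6797 syntax) into a dict.

    Directive names are case-insensitive, so keys are lower-cased; values may
    be quoted. Directives without a value (includeSubDomains, preload) map to None.
    """
    directives = {}
    for part in header_value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, value = part.partition("=")
        directives[name.strip().lower()] = value.strip().strip('"') or None
    return directives


def assess_hsts(headers):
    """Assess the HSTS posture of a response.

    `headers` maps lower-cased header names to values, as a fetched HTTPS
    response would provide. Returns hsts (policy present), preload_ready
    (meets the assumed preload requirements) and a description of issues.
    """
    raw = headers.get("strict-transport-security")
    if raw is None:
        return {"hsts": False, "preload_ready": False,
                "issue": "no HSTS header: first HTTP request can be hijacked"}
    d = parse_hsts(raw)
    try:
        max_age = int(d.get("max-age") or -1)
    except ValueError:
        max_age = -1  # non-numeric max-age is treated as absent
    issues = []
    if max_age <= 0:
        issues.append("missing, invalid or zero max-age")  # max-age=0 clears the policy
    elif max_age < PRELOAD_MIN_MAX_AGE:
        issues.append("max-age below one year")
    if "includesubdomains" not in d:
        issues.append("includeSubDomains absent")
    if "preload" not in d:
        issues.append("preload directive absent")
    return {"hsts": max_age > 0, "preload_ready": not issues,
            "issue": "; ".join(issues) or None}


# Constructed sample header sets (no real hosts involved).
NO_HSTS = {"content-type": "text/html"}
WEAK = {"strict-transport-security": "max-age=300"}
STRONG = {"strict-transport-security": "max-age=63072000; includeSubDomains; preload"}
```

Feed it the headers of a real response (for example from `requests.get(url).headers`, lower-casing the names) to check your own site; a result with `hsts` false or `preload_ready` false is the exposure the bullet describes.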