Exploiting the Superfish certificate

As discussed in my previous blogpost, it took about 3 hours to reverse engineer the Lenovo/Superfish certificate and crack the password. In this blog post, I described how I used that certificate in order to pwn victims using a rogue WiFi hotspot. This took me also about three hours.

The hardware

You need a computer to be the WiFi access-point. Notebook computers are good choices, but for giggles I chose the "Raspberry Pi 2", a tiny computer that fits in the palm of your hand which costs roughly $35. You need two network connections, one to the Internet, and one to your victims. I chose Ethernet to the Internet, and WiFi to the victims.

The setup is shown above. You see the little Raspberry Pi 2 computer, with a power connection at the upper left, an Ethernet at the lower-left, and the WiFi to the right. I chose an "Alfa AWUS050NH" WiFi adapter, but a lot of different ones will work. Others tell me this $15 TP-Link adapter works well.. You can probably find a good one at Newegg or Amazon for $10. Choose those with external antennas, though, for better signal strength. You can't really see it in this picture, but at the top of the circuit board is a micro-SD card acting as the disk drive. You'll need to buy at least a 4-gigabyte card, which costs $4, though consider getting an 8-gig or even 16-gig card since they don't cost much more.

Extracting the SuperFish certificate

I extracted the certificate from the SuperFish adware and cracked the password ("komodia") that encrypted it. I discuss how down below. The consequence is that I can intercept the encrypted communications of SuperFish's victims (people with Lenovo laptops) while hanging out near them at a cafe wifi hotspot. Note: this is probably trafficking in illegal access devices under the proposed revisions to the CFAA, so get it now before they change the law.