SquareX to reveal major browser vulnerabilities at DEF CON 32

SquareX has announced that its founder, Vivek Ramachandran, will present the company's latest research findings at DEF CON 32. Ramachandran, along with his security research team, will deliver a talk titled "Breaking Secure Web Gateways (SWG) for Fun and Profit!" on Friday, August 9, 2024.

The presentation will introduce a new class of cyber-attacks named Last Mile Reassembly Attacks. These attacks are designed to evade Secure Web Gateways, which are integral components of Secure Access Service Edge (SASE) and Security Service Edge (SSE) solutions.

Ramachandran highlighted the vulnerability of web browsers within enterprises, stating, "The web browser is the most used application within the enterprise but also the least protected. Bad actors are now increasingly targeting the weakest link: employees and consultants." He emphasized that many of these attacks occur when individuals are performing their regular duties online, indicating a significant gap in current security measures.

Existing solutions like SWGs are part of broader SASE/SSE frameworks, aiming to protect against web-based threats. However, according to Ramachandran, these systems fall short in defending against modern client-side threats. "This makes it currently impossible for enterprise security teams to detect, mitigate and threat hunt these attacks," he stated.

The SquareX team discovered and conceptualized Last Mile Reassembly Attacks, which convert traditional attacks such as malware downloads and malicious websites into forms undetectable by existing security vendors. This vulnerability, described as architectural and vendor-agnostic, signifies that there is no straightforward solution to address it.

The cybersecurity market stands to be greatly affected by these findings. "These attacks will have a massive impact on SASE, as it is a USD $40 billion market, and every large security vendor has an SWG product vulnerable to this new class of attacks," Ramachandran explained. The team suspects these attacks may have been circulating undetected for some time. The release of their research and accompanying toolkit will enable enterprise vendors to evaluate their security measures and develop countermeasures.

During the DEF CON talk, Ramachandran will elaborate on the mechanics of Last Mile Reassembly Attacks. He described them as attacks where "a file download, upload, or site rendering never actually happens on the server side. Instead, the attack is assembled directly in the user's browser using various techniques, which will be detailed during the talk." This method allows malicious files to bypass SWGs, posing significant risks to enterprises worldwide.

SquareX researchers will demonstrate over 25 different bypass methods, including chunking attacks and WASM payloads. The presentation aims to expose the vulnerabilities and encourage security vendors to reconsider their reliance on cloud-based web attack detection models. Ramachandran asserted, "Vendors will need to understand the necessity for a client-side (either endpoint or browser-based) security agent and browser-hardening to work in tandem with the SWG for accurate detection and mitigation of attacks."

He further remarked, "Web attacks have far advanced and evolved in today's world, and if enterprises do not change the way they protect their users, they will essentially be vulnerable to these web threats and attacks." The company's research is intended to alert the cybersecurity community and push for a more comprehensive approach to browser security.

The introduction of Last Mile Reassembly Attacks and the accompanying toolkit challenges current security paradigms and urges enterprises to reassess their protection strategies against browser-based attacks.