SHARE
TWEET

Taking Advantage Of Live Chat Leaks

a guest Apr 2nd, 2018 3,560 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1.                     + Taking Advantage of Live Chat Leaks +
  2.  
  3.  
  4.             Written by Cody Zacharias (@now) and Kane Gamble (@kane_gamble)
  5.  
  6.                                       ~~~
  7.  
  8. --[ Table of Contents
  9.  
  10.   1 - Introduction
  11.   2 - Information Disclosure
  12.   3 - Proof of Concept
  13.       3.1 - LiveChat Software (LiveChatInc)
  14.       3.2 - TouchCommerce
  15.   4 - Business Impact
  16.   5 - Who is Affected?
  17.  
  18. --[ 1 - Introduction
  19.  
  20. Kane Gamble and Cody Zacharias discovered information disclosure vulnerabilities
  21. in live chat software by LiveChat Software (LiveChatInc), TouchCommerce (formerly
  22. inQ, inc. and recently acquired by Nuance Communications), LivePerson, and many
  23. others.
  24.  
  25. Vendors were notified of security issues present in their live chat software, or
  26. at least contact attempts were made. Vendors mentioned in this paper have not
  27. fixed the vulnerabilities disclosed.
  28.  
  29. --[ 2 - Information Disclosure
  30.  
  31. Each live chat software is affected the same way. Significant information about
  32. the employee/agent you're communicating with is detailed in the responses of
  33. POST requests that are made when chatting with the agent. The information
  34. disclosure bugs in the live chat software exist because there are no steps taken
  35. to prevent information about the person you're chatting with from being mentioned
  36. in the responses.
  37.  
  38. The type of information being disclosed is dependent on the company/website
  39. using the live chat software. Some examples of information we've seen being
  40. disclosed include:
  41.  
  42. - Employee's full name
  43. - Employee's supervisor and managers
  44. - Employee's ID
  45. - Employee's supervisor and manager's employee ID
  46. - Employee's location
  47. - Center name
  48. - Employee's email
  49. - Indications of other tools/programs the employee is using
  50.  
  51. This data can be retrieved by inspecting the requests made during a live
  52. chat session with browser networking tools or Burp Suite.
  53.  
  54. --[ 3 - Proof of Concept
  55.  
  56. Parts of each sample have been redacted with ****.
  57.  
  58. ----[ 3.1 - LiveChat Software (LiveChatInc)
  59.  
  60. This sample is taken from Google Fiber's live chat. The information being disclosed
  61. include the employee's name and email address belonging to their account. In some
  62. cases, the email address disclosed is a personal email, not a work email address.
  63.  
  64. jQuery111304544368839391404_1501150342048({"messages":[{"timestamp":1501150382,"unique_id":2,"message":{"name":"start_chat","data":{"visitor":{"id":"S1501150342.5b78b0fe92","nick":"GoD","email":"GoD@mail.com"},"group":2,"source_group":2,"version":"Embedded","custom_variables":{},"integration_params":"","from_manual_invitation":false,"trigger_unique_id":"","welcome_message":"Hello GoD, one moment while we connect you with a Google Fiber team member. ","is_mobile":false,"return_secured_session_id":false,"random_id":"1501150381705RiVFZ16"}}},{"timestamp":1501150382,"unique_id":1,"message_iwcs":"FUC00002K^si*****x@google.com^C****^0^911595^^^0^^0^0^^FU014420CK^1^^^si*****x@google.com;^0^^^^1^1^livechat.s3.amazonaws.com/7251891/avatars/fd8043b7ab99171c3297865686ee6325.png^^Support Agent^"}]});
  65.  
  66. ----[ 3.2 - TouchCommerce
  67.  
  68. This sample is taken from Verizon's live chat. The information being disclosed include
  69. the employee's full name, employee ID, supervisor's name, supervisor's EID, managers,
  70. center name and location. There is also indication that the employee is using CoFEE,
  71. a Verizon employee tool used to lookup customer records.
  72.  
  73. {"messages":[{"state":"assigned","agentID":"3********1@verizon","agent.alias":"Daley","messageType":"stateChange","agentGroupID":"1000****","engagementID":"725742275********","host.node.id":"172.31.10.26","public_user_id":"42314***","agentAttributes":"CoFEE=true,CenterType=Partner,AgentSalesCode=VZID,Director=LUCAS_*****,Team=W******N_G***GE,Vendor=Tech ********a,OpsManager=S**********H,SupervisorEID=028********,AgentLocation=H**********,CenterName=D**************M Hyd","agent.site_attrs":"CoFEE=true,CenterType=Partner,AgentSalesCode=VZID,Director=LUCAS_******,Team=W********N_G****E,Vendor=Tech *****a,OpsManager=S*********H,SupervisorEID=028*******,AgentLocation=H***********,CenterName=D**************M Hyd","business_unit.id":"1900****","cobrowse.enabled":"true","ar_event_send_time":"1522595864750","chatrouter.address":"172.31.10.26","event.agent_last_name":"B******","event.agent_first_name":"Daley","msg.originalrequest.id":"727994074616*****","event.initial_request_attributes":""}], "count":3}
  74.  
  75. --[ 4 - Business Impact
  76.  
  77. The type of information being exposed is everything a person would need to successfully
  78. perform social engineering attacks against the company by using an employee's real
  79. information such as their full name, employee ID and supervisor's name to impersonate them.
  80. This could lead to somebody gaining access to employee tools and even allow them to gain a
  81. foothold in the internal network.
  82.  
  83. --[ 5 - Who is Affected?
  84.  
  85. Some companies affected using TouchCommerce live chat [1]:
  86. - Sprint, AT&T, Verizon, Bell, Cox Communications, Bank of America, Merrill Lynch, Citizen's Bank, etc.
  87.  
  88. Some companies affected using LiveChat Software [2]:
  89. - Google Fiber, Kaspersky Labs, Bitdefender, TorGuard VPN, etc.
  90.  
  91. [1] http://web.archive.org/web/20160618000435/http://www.touchcommerce.com:80/about-us/select-client-list
  92. [2] https://www.livechatinc.com/customers/
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!
 
Top