This attack assumes that the attacker already has access to your company’s IT infrastructure, for example as an office worker. The attacker tries to gain access to the agent’s session, in order to learn account numbers, passwords, or to execute tasks on the customer’s web page.
First, the attacker needs access to the IT infrastructure, and more specifically, to a network that handles Unblu connections. Also, an agent might try to hack into another agent’s connection so that they can perform malicious actions.
Once in the network, the attacker might try to access the network traffic addressed to the agent. If your network isn’t secured, this can be done using standard network tools. The attacker can then see the same information as the agent. Using more sophisticated methods, the attacker may insert information of their own into the network traffic, which may include commands to the customer’s web page.
How Unblu prevents the agent session from being compromised
Unblu uses your existing internal network structure and security for co-browsing.
We recommend that you use an encrypted connection from the Unblu server to the agent. This makes it impossible to listen to the network communications, or to modify network communications.
Unblu uses two independent session IDs:
One for the session between the server and the visitor.
One for the session between the server and the agent.
If an attacker learns one ID, they can’t use it to guess the other. * The session ID is independent of the number the customer types-in to connect to the server. If an attacker intercepts the PIN, they can’t use it to guess the session ID. * The PIN that the customer types into the login field to establish the connection is discarded after the login. An attacker can’t use it to make another connection, or to take over an existing connection. * You can restrict the information that an agent sees and the action the agent can take. You should limit both of these to what’s necessary for effective relationship management.
|Depending on your infrastructure and security precautions, it may be simple for a skilled person to listen to your network traffic, especially if you use wireless networks. You should secure the traffic between the Unblu server and the agent.|
Can the agent session be compromised in the Unblu Cloud?
In an Unblu Cloud setup, agents use a standard HTTPS connection to communicate with the Collaboration Server. This means that all traffic is automatically secured, so there is no possibility that unsecured information is transmitted over an internal network.