This Linux flaw could open you up to attack
Source: Katherine Noyes
A flaw in the Linux kernel's implementation of the Transmission Control Protocol (TCP), present since late 2012, poses a serious threat to internet users, whether or not they use Linux directly.
That's the key finding of a research study that's scheduled to be presented Wednesday at the USENIX Security Symposium in Austin, Texas.
The TCP weakness, identified by researchers from the University of California at Riverside, enables attackers to hijack users' internet communications entirely remotely. It could be used to launch targeted attacks that track users' online activity, forcibly terminate a communication, hijack a conversation between hosts, or degrade the privacy guarantee of anonymity networks such as Tor, the researchers said.
Because Linux runs behind the scenes on countless internet servers, Android phones and a range of other devices, a broad swath of users may be affected.
Linux and other operating systems use TCP to package and send data being transferred from one place to another. When two people communicate by email, for example, TCP assembles each message into a series of data packets that are transmitted, received, and then reassembled into the original message. Those packets are identified by unique sequence numbers that could be handy for attackers, but typically there are too many possibilities to make those numbers guessable.
That's under ordinary circumstances. The subtle flaw the researchers found uses what are called "side channels" in the Linux software to let attackers infer the TCP sequence numbers associated with a particular connection, using no more information than the IP addresses of the communicating parties.
So, given any two arbitrary machines on the internet, a remote blind attacker can track users’ online activity, terminate connections with others and inject false material into their communications. Even encrypted HTTPS connections -- which are immune to data injection -- could be forcibly terminated. Attackers could also undermine anonymity networks like Tor by forcing connections to route through certain relays.
The attack is fast and reliable, often taking less than a minute and succeeding about 90 percent of the time, the researchers said. The researchers' video, embedded in the original article, explains it in more detail.
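The article does not name the side channel. The published research it summarises identifies it as the kernel's global challenge-ACK rate limit, exposed on affected kernels through the sysctl `net.ipv4.tcp_challenge_ack_limit`; vendors mitigated by raising that limit to a very large value, and upstream kernels from 4.7 onward randomise it. The script below is an added example written for this page, not code from the article or the researchers. It reports whether a host is still running with a small limit and whether its kernel predates the upstream change. The threshold of 1,000,000 for "hardened" is an assumption chosen to separate the historical default of 100 from the large values vendors recommended; the file path and kernel version are parameters so the checks can be run against copies or sample values.

```shell
#!/bin/sh
# Added example (not from the article): audit a Linux host for the
# challenge-ACK rate-limit side channel. Both functions take their input
# as arguments so they can be tested against sample values offline.

CHALLENGE_ACK_SYSCTL=/proc/sys/net/ipv4/tcp_challenge_ack_limit

# Prints one word describing the limit in the given file (defaults to
# the live sysctl): "missing" if the file is absent, "unreadable" if it
# holds a non-number, "hardened" if the limit is at or above the assumed
# 1,000,000 cutoff, otherwise "low" (the affected default was 100).
challenge_ack_state() {
    file="${1:-$CHALLENGE_ACK_SYSCTL}"
    [ -r "$file" ] || { echo missing; return 0; }
    limit=$(tr -d '[:space:]' < "$file")
    case "$limit" in
        ''|*[!0-9]*) echo unreadable; return 0 ;;
    esac
    if [ "$limit" -ge 1000000 ]; then
        echo hardened
    else
        echo low
    fi
}

# Prints 1 if kernel version $1 (e.g. "4.4.0-97-generic") is at least
# major.minor $2 (e.g. "4.7"), else 0. Only major and minor are compared;
# the suffix after the minor number is ignored.
kernel_ge() {
    a_major=$(printf '%s\n' "$1" | cut -d. -f1)
    b_major=$(printf '%s\n' "$2" | cut -d. -f1)
    case "$1" in *.*) a_minor=$(printf '%s\n' "$1" | cut -d. -f2 | sed 's/[^0-9].*//') ;; *) a_minor=0 ;; esac
    case "$2" in *.*) b_minor=$(printf '%s\n' "$2" | cut -d. -f2 | sed 's/[^0-9].*//') ;; *) b_minor=0 ;; esac
    if [ "$a_major" -gt "$b_major" ] || { [ "$a_major" -eq "$b_major" ] && [ "$a_minor" -ge "$b_minor" ]; }; then
        echo 1
    else
        echo 0
    fi
}

# Human-readable summary for the running host (or supplied sample values).
report() {
    state=$(challenge_ack_state "${1:-}")
    kernel="${2:-$(uname -r)}"
    if [ "$(kernel_ge "$kernel" 4.7)" -eq 1 ]; then
        echo "kernel $kernel: upstream randomises the challenge-ACK limit (4.7+); sysctl state: $state"
    else
        echo "kernel $kernel: predates the upstream change; sysctl state: $state (expect 'hardened' on a mitigated host)"
    fi
}

report
```

Run it as root on the host being audited; on a container or a kernel without the sysctl it reports "missing", which means the check must be done on the underlying host instead.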