A flaw has recently been discovered in the Linux operating system which allows attackers to terminate, or inject malicious data into, communications and downloads between machines connected to the internet.
The Transmission Control Protocol (TCP) implementation in all Linux systems deployed since 2012 (version 3.6 and above of the Linux kernel) is said to pose a serious threat to Internet users, regardless of whether or not they use Linux directly.
This vulnerability allows an attacker to scan for connections between a client and a server over the internet; once a network connection is discovered, the attacker can intrude on it, cause the connection to terminate, and inject malicious data into it.
The vulnerability could also be used to forcibly terminate HTTPS-encrypted connections and degrade the privacy of secure connections, and it also threatens the anonymity of Tor users by routing them to certain malicious relays.
Using this flaw, an attacker does not need a man-in-the-middle position to interfere with data; instead, the attacker can send packets to the targets with spoofed credentials.
With Linux running in the back end on the majority of servers, as well as on Android devices, a large number of users may well be left vulnerable to attackers because of this flaw. The anonymizing browser software Tor could also be compromised, with users losing their privacy in less than a minute 90 percent of the time.
Researchers with the University of California, Riverside, recently presented the findings at the USENIX Security Symposium in Austin, Texas.
“Through extensive experimentation, we demonstrate that the attack is extremely effective and reliable. Given any two arbitrary hosts, it takes only 10 seconds to successfully infer whether they are communicating,” the team wrote in a white paper. “If there is a connection, subsequently, it takes also only tens of seconds to infer the TCP sequence numbers used on the connection. To demonstrate the impact, we perform case studies on a wide range of applications.”
The team of researchers also noted that systems running a Linux kernel older than version 3.6 are unaffected by this vulnerability.
Prevention
A patch to fix the flaw has been distributed, though many users and networks will still be left exposed to miscreants, since the exploit requires only one unpatched party for the attack to be successful.
A workaround has also been published by various sites: raise the kernel's 'challenge ACK limit' to an extremely large value, which makes it near impossible to exploit the side channel that enables the attack to work.
Steps:
1. Open /etc/sysctl.conf with an editor such as vim.
2. Enter the line: net.ipv4.tcp_challenge_ack_limit = 999999999
3. Save the file.
4. Use the shell command "sysctl -p" to load the updated configuration.
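The four steps above can be scripted so that the setting is applied the same way on every host and can be audited afterwards. The following is an added example written for this article, not a script from the researchers or from any Linux distribution; the function names, the `apply` sub-command and the use of a temporary file are my own assumptions. It rewrites the sysctl configuration idempotently (an existing or commented-out `tcp_challenge_ack_limit` line is replaced rather than duplicated), reports the value the running kernel currently uses, and only touches the real `/etc/sysctl.conf` when invoked as `apply`.

```bash
#!/bin/sh
# Added example: apply and verify the challenge-ACK-limit workaround described above.
# Function names and the "apply" sub-command are assumptions made for this example.

KEY="net.ipv4.tcp_challenge_ack_limit"
KEY_RE='net\.ipv4\.tcp_challenge_ack_limit'   # regex form of KEY (dots escaped)
VALUE="999999999"                             # the value recommended in the steps above
PROC_PATH="/proc/sys/net/ipv4/tcp_challenge_ack_limit"

# Value the running kernel currently uses; prints nothing if the sysctl is not
# exposed (e.g. inside a restricted container or on a kernel without it).
current_limit() {
    cat "$PROC_PATH" 2>/dev/null || true
}

# Succeeds only when the live kernel value is at least VALUE.
limit_is_hardened() {
    cur=$(current_limit)
    [ -n "$cur" ] && [ "$cur" -ge "$VALUE" ]
}

# Ensure exactly one "KEY = VALUE" assignment exists in the given sysctl file.
# Any earlier assignment of KEY, active or commented out, is dropped first so
# that re-running the script never accumulates duplicate lines.
set_limit_in_file() {
    file="$1"
    tmp="${file}.tmp.$$"
    if [ -f "$file" ]; then
        grep -v -E "^[[:space:]]*#?[[:space:]]*${KEY_RE}[[:space:]]*=" "$file" > "$tmp" || true
    else
        : > "$tmp"
    fi
    echo "$KEY = $VALUE" >> "$tmp"
    mv "$tmp" "$file"
}

# Number of active lines in the file that set KEY to exactly VALUE (expected: 1).
count_limit_lines() {
    grep -c -E "^[[:space:]]*${KEY_RE}[[:space:]]*=[[:space:]]*${VALUE}[[:space:]]*$" "$1" || true
}

# Only modify the real system when explicitly asked to; needs root.
case "${1:-}" in
    apply)
        set_limit_in_file /etc/sysctl.conf
        sysctl -p                       # step 4 of the procedure above
        if limit_is_hardened; then
            echo "ok: $KEY is now $(current_limit)"
        else
            echo "warning: live value is '$(current_limit)', check kernel support" >&2
            exit 1
        fi
        ;;
    check)
        echo "live $KEY = ${current_limit:-unavailable}"
        limit_is_hardened && echo "hardened" || echo "not hardened"
        ;;
esac
```

Running `sh harden_ack.sh check` (the file name is arbitrary) reports the current state without changing anything; `sudo sh harden_ack.sh apply` performs the four steps and fails loudly if the kernel did not accept the new value, which is the signal to fall back on the distribution's kernel patch rather than assume the host is protected.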
Once completed, your system will be protected against attacks using this flaw in TCP.