Use the internet? This Linux flaw could open you up to attack

'It can be done easily by anyone in the world,' one researcher says

A flaw in the Linux implementation of the Transmission Control Protocol (TCP), present since late 2012, poses a serious threat to internet users, whether or not they use Linux directly.

That's the key finding of a research study that's scheduled to be presented Wednesday at the USENIX Security Symposium in Austin, Texas.

The TCP weakness, identified by researchers from the University of California at Riverside, enables attackers to hijack users’ internet communications completely remotely. It could be used to launch targeted attacks that track users’ online activity, forcibly terminate a communication, hijack a conversation between hosts or degrade the privacy guarantee of anonymity networks such as Tor, the researchers said.

Because Linux runs behind the scenes on countless internet servers, Android phones and a range of other devices, a broad swath of users may be affected.

Linux and other operating systems use TCP to package and send data being transferred from one place to another. When two people communicate by email, for example, TCP assembles each message into a series of data packets that are transmitted, received, and then reassembled into the original message. Those packets are identified by unique sequence numbers that could be handy for attackers, but typically there are too many possibilities to make those numbers guessable.

That's under ordinary circumstances. The subtle flaw the researchers found uses something called "side channels" in the Linux software to make it possible for attackers to infer the TCP sequence numbers associated with a particular connection by using no more information than the IP addresses of the communicating parties.

So, given any two arbitrary machines on the internet, a remote blind attacker can track users’ online activity, terminate connections with others and inject false material into their communications. Even encrypted HTTPS connections -- which are immune to data injection -- could be forcibly terminated. Attackers could also undermine anonymity networks like Tor by forcing connections to route through certain relays.

The attack is fast and reliable, often taking less than a minute and succeeding about 90 percent of the time, the researchers said. The video below explains it in more detail.

"The unique aspect of the attack we demonstrated is the very low requirement to be able to carry it out," said Zhiyun Qian, an assistant professor of computer science at UCR. "Essentially, it can be done easily by anyone in the world where an attack machine is in a network that allows IP spoofing. The only piece of information that is needed is the pair of IP addresses for victim client and server, which is fairly easy to obtain."

Qian's team has alerted the Linux community to the vulnerability, and the next version of Linux is already patched. In the meantime, Qian recommends a temporary patch for both client and server hosts. It's outlined in an announcement on the UCR site. The researchers' full paper is also available online.
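The temporary mitigation the article points to, as an added example that is not from the article or from UCR: the setting it checks, net.ipv4.tcp_challenge_ack_limit, is the one the UCR announcement recommended raising and is supplied here from the editor's knowledge, since the article itself does not name it. It assumes a Linux host and does not verify whether the running kernel already carries the permanent fix.

```shell
#!/bin/sh
# Added example (not from the article or UCR): reports whether a Linux host
# still has the small global challenge-ACK rate limit the side channel abuses.
# Assumption: the temporary mitigation is raising net.ipv4.tcp_challenge_ack_limit
# to a very large value, as the UCR announcement recommended.
SYSCTL_PATH=/proc/sys/net/ipv4/tcp_challenge_ack_limit
MITIGATED_MIN=999999999   # value the UCR announcement suggested

# assess_limit LIMIT -> prints "mitigated" (status 0) or "vulnerable" (status 1).
# Pure function so it can be exercised on constructed values.
assess_limit() {
    limit="$1"
    case "$limit" in
        ''|*[!0-9]*) echo "unknown: '$limit' is not a number" >&2; return 2 ;;
    esac
    if [ "$limit" -ge "$MITIGATED_MIN" ]; then
        echo "mitigated"
        return 0
    fi
    echo "vulnerable"
    return 1
}

# check_host: reads the live value when the knob exists; otherwise says
# the check does not apply (non-Linux host or kernel without this sysctl).
check_host() {
    if [ ! -r "$SYSCTL_PATH" ]; then
        echo "no $SYSCTL_PATH: check does not apply on this host"
        return 2
    fi
    current=$(cat "$SYSCTL_PATH")
    printf 'tcp_challenge_ack_limit=%s -> ' "$current"
    assess_limit "$current"
}

# Temporary fix (needs root): raise the limit now and persist it across reboots.
# Uncomment to apply:
#   sysctl -w net.ipv4.tcp_challenge_ack_limit=999999999
#   echo 'net.ipv4.tcp_challenge_ack_limit = 999999999' >> /etc/sysctl.conf

check_host || echo "check returned status $?"
```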

"A side-channel attack capable of predicting TCP sequence numbers is a pretty serious problem," said Craig Young, security researcher for Tripwire, via email.

One potential result is to allow attackers to launch the kind of TCP hijacking attacks that were so prominent in the 1990s hacking scene, Young said.

Kevin Mitnick rose to fame during that era for performing what's known as session hijacking by exploiting TCP's vulnerabilities at the time.

"Back then the problem was that many computers would generate initial sequence values from the clock, thereby greatly reducing the number of guesses needed to take control of a remote session," Young said.

Katherine Noyes

IDG News Service