Cyber Linux News

Linux TCP flaw a treat for Hackers ‘Hijacking’

Written by Dr-Hack

UCR researchers show how communications involving Linux and Android systems can be compromised quickly, easily and from anywhere

Researchers at the University of California, Riverside have identified a weakness in the Transmission Control Protocol (TCP) of all Linux operating systems since late 2012 that enables attackers to hijack users’ internet communications completely remotely.

How Dangerous is the vulnerability ?

Such a weakness could be used to launch targeted attacks that track users’ online activity, forcibly terminate a communication, hijack a conversation between hosts or degrade the privacy guarantee by anonymity networks such as Tor.

Are you in Danger ?

While most users don’t interact directly with the Linux operating system, the software runs behind-the scenes on internet servers, android phones and a range of other devices. To transfer information from one source to another, Linux and other operating systems use the Transmission Control Protocol (TCP) to package and send data, and the Internet Protocol (IP) to make sure the information gets to the correct destination.

The UCR researchers didn’t rely on chance, though. Instead, they identified a subtle flaw (in the form of ‘side channels’) in the Linux software that enables attackers to infer the TCP sequence numbers associated with a particular connection with no more information than the IP address of the communicating parties.

Temporary Fix for Vulnerability

The following temporary patch that can be applied to both client and server hosts. It simply raises the `challenge ACK limit’ to an extremely large value to make it practically impossible to exploit the side channel. This can be done on Ubuntu, for instance, as follows:

  1. Open /etc/sysctl.conf, append a command “net.ipv4.tcp_challenge_ack_limit = 999999999”.
  2. Use “sysctl -p” to update the configuration.

Demo Video

Download Attack Paper and How this Hack Works :

Common Vulnerabilities and Exposures

CVE-2016-5696: net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly find the rate of challenge ACK segments, which makes it easier for man-in-the-middle attackers to hijack TCP sessions via a blind in-window attack.

Pin It on Pinterest