Linux TCP flaw lets 'anyone' hijack Internet traffic – ZDNet

August 12, 2016 Facebook Twitter LinkedIn Google+ Uncategorized

Some days you can’t win for losing. In 2012, Linux implemented a new TCP/IP networking standard, RFC 5961, Improving TCP’s Robustness to Blind In-Window Attacks, to improve security. In the process, they opened up a heretofore unknown security hole. Ironically, other operating systems that lagged in implementing this new “security” mechanism — such as FreeBSD, macOS, and Windows — are immune to this new attack vector.

Cyber Security

The latest network attack can be used against any Linux to Linux Internet connection.

UC Riverside

This is potentially a big deal because it can be used to break, or even hijack, Internet connections between Linux and Android systems. So, for example, if an Android smartphone connected to USA Today, the connection could be interrupted. The same attack, however, would fail if it were made on a link between a Windows PC and USA Today.

The problem exists in any operating system running Linux kernel 3.6 or newer. Linux 3.6 was introduced in 2012. The vulnerability allows an attacker from anywhere on the Internet to search for connections between a client and a server. Once such a network connection is found, the attacker can invade it, cause connection termination, and perform data injection attacks.

How bad is it? The discoverers say that the attack is fast and reliable, takes less than a minute, and works about 90 percent of the time.

According to University of California at Riverside (UCR) researchers, the Linux TCP/IP security hole can be used by attackers in a variety of ways: Hackers can hijack users’ internet communications remotely, launch targeted attacks that track users’ online activity, forcibly terminate a communication, hijack a conversation between hosts, or degrade the privacy guarantee of anonymity networks such as Tor.