Stories
Slash Boxes
Comments

SoylentNews is people

posted by janrinok on Wednesday August 10 2016, @02:14PM   Printer-friendly
from the not-good-news dept.

Submitted via IRC for Beige

Researchers at the University of California, Riverside (UCR) have identified a weakness in the Transmission Control Protocol (TCP) of all Linux operating systems since late 2012 that enables attackers to hijack users' internet communications completely remotely.

Such a weakness could be used to launch targeted attacks that track users' online activity, forcibly terminate a communication, hijack a conversation between hosts or degrade the privacy guarantee by anonymity networks such as Tor.

Led by Yue Cao, a computer science graduate student in UCR's Bourns College of Engineering, the research will be presented on Wednesday (Aug. 10) at the USENIX Security Symposium in Austin, Texas. The project advisor is Zhiyun Qian, an assistant professor of computer science at UCR whose research focuses on identifying security vulnerabilities to help software companies improve their systems.

While most users don't interact directly with the Linux operating system, the software runs behind-the -scenes on internet servers, android phones and a range of other devices. To transfer information from one source to another, Linux and other operating systems use the Transmission Control Protocol (TCP) to package and send data, and the Internet Protocol (IP) to ensure the information gets to the correct destination.

For example, when two people communicate by email, TCP assembles their message into a series of data packets—identified by unique sequence numbers—that are transmitted, received, and reassembled into the original message. Those TCP sequence numbers are useful to attackers, but with almost 4 billion possible sequences, it's essentially impossible to identify the sequence number associated with any particular communication by chance. The UCR researchers didn't rely on chance, though. Instead, they identified a subtle flaw (in the form of 'side channels') in the Linux software that enables attackers to infer the TCP sequence numbers associated with a particular connection with no more information than the IP address of the communicating parties.

[...] Encrypted connections (e.g., HTTPS) are immune to data injection, but they are still subject to being forcefully terminated by the attacker. The weakness would allow attackers to degrade the privacy of anonymity networks, such as Tor, by forcing the connections to route through certain relays. The attack is fast and reliable, often taking less than a minute and showing a success rate of about 90 percent. The researchers created a short video showing how the attacks works.

Source: https://ucrtoday.ucr.edu/39030


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 1, Interesting) by Anonymous Coward on Wednesday August 10 2016, @02:52PM

    by Anonymous Coward on Wednesday August 10 2016, @02:52PM (#386274)

    If I had to take a wild stab, I'd guess that the MotU/hackers/Bad Guys could ensure that you connect to a compromised entrance node by means of exhaustion. Simply repeatedly terminate connections that aren't to compromised entrance nodes until Tor connects to a compromised one. If we assume the MotU have effectively compromised your ISP, this wouldn't be necessary to cause that to happen. It could still be useful to other parties that may want to deanonymize traffic such as Google, M$, Amazon, etc.

    I'm not intimately familiar with how Tor works, but I assume that after connecting to a compromised node, the presence of the other two nodes that are supposed to be involved in obfuscating a communication's source could be forged or if not an attacker could use wash-rinse-repeat to ensure the communication also finds its way to a compromised exit node. With traffic going through both a compromised entrance node and compromised exit node, it's possible to deanonymize it.

    Starting Score:    0  points
    Moderation   +1  
       Interesting=1, Total=1
    Extra 'Interesting' Modifier   0  

    Total Score:   1  
  • (Score: 0) by Anonymous Coward on Wednesday August 10 2016, @02:57PM

    by Anonymous Coward on Wednesday August 10 2016, @02:57PM (#386275)

    Should have added that this seems to completely defeat the purpose of Tor. But I'm more a fan of Freenet.

  • (Score: 0) by Anonymous Coward on Wednesday August 10 2016, @10:27PM

    by Anonymous Coward on Wednesday August 10 2016, @10:27PM (#386408)

    All of my entrance nodes, according to TBB are routing through 5 eyes, or affiliated countries entry nodes, which a disturbing propensity for single nation hops all the way through (IE UKUKUK, or FRFRFR, or USUSUS.) I have all 5 eye nations and a few others blacklisted for both regular and exit nodes, so they shouldn't *EVER* be showing up, according to Tor docs, unless connectivity is so bad that only 'suspect' entry nodes are available.

    I hope the scrutiny wastes a lot of their surveillance dollars for little return, but given how commiditized their spying is now, I imagine it is cheaper to just collect/compromise everything, than to make exceptions other than for people it is politcally or financially beneficial to not observe.