Your Linux Distro Can Be Hacked In 60 Seconds Due To Serious TCP Flaw: Research

Short Bytes: Researchers have found a critical flaw that affects all Linux kernel versions 3.6 and beyond. If left unnoticed, this flaw allows a range of harmful blind off-path TCP attacks that can compromise the security of a Linux user with a success rate of 90%. The researchers have proposed certain changes and the implementation of a global TCP limit to prevent this exploit.

A group of researchers from the University of California has spotted a loophole in the Transmission Control Protocol (TCP) of all Linux operating systems. This flaw lets a hacker remotely hijack an internet user’s communications.

This weakness in the TCP implementation used by Linux since 2012 could be used to deploy targeted attacks, track a user’s online activity, and compromise the security of anonymity networks like Tor. The researchers are scheduled to present their research study at the USENIX Security Symposium in Austin, Texas.

Here’s what researchers have to say about this attack:

“The flaw manifests as a side channel that affects all Linux kernel versions 3.6 and beyond and may possibly be replicated in other operating systems if left unnoticed. We show that the flaw allows a variety of powerful blind off-path TCP attacks.”

What is the Off-Path TCP Exploit in Linux?

To send and receive information, Linux and other operating systems make use of the Transmission Control Protocol. To make sure that the packaged information reaches the correct destination, Internet Protocol (IP) is used.

Let’s suppose two friends are communicating by email. TCP breaks their messages into a series of data packets, identified by unique sequence numbers. Since there are almost 4 billion possible sequence numbers, it’s impossible to guess the sequence number associated with a particular communication.

The researchers have identified a flaw in Linux that lets a hacker deduce the TCP sequence number related to a certain connection. To do so, the attacker doesn’t need any information other than the IP addresses of the participating computers.

Thus, this weakness can be used to track the online activities of users, terminate their communications, or inject malicious code. Even HTTPS connections, which are immune to code injection, could be terminated. The authors state that the attack is very fast and takes place in less than a minute with a success rate of about 90%.
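
For administrators asking whether a given host falls in the affected range, the following check is an added example, not part of the original article or the researchers' paper. It assumes the side channel is the kernel's shared challenge-ACK rate limit exposed as the sysctl `net.ipv4.tcp_challenge_ack_limit`, and that a value of 100 or less is the old default; the function names and result labels are hypothetical.

```shell
#!/bin/sh
# Added example: classify exposure to the off-path TCP side channel from
# two inputs, the kernel release string and the challenge-ACK rate limit.

# Return 0 if release string $1 (e.g. "4.4.0-31-generic") is 3.6 or newer,
# the range the article gives as affected.
kernel_at_least_3_6() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%[!0-9]*}
    case "$major" in ''|*[!0-9]*) return 1 ;; esac
    [ -n "$minor" ] || minor=0
    [ "$major" -gt 3 ] || { [ "$major" -eq 3 ] && [ "$minor" -ge 6 ]; }
}

# classify RELEASE LIMIT
#   not-affected : kernel older than 3.6
#   unknown      : limit missing or not a number (sysctl not readable)
#   at-risk      : limit <= 100 (assumed old default); confirm the vendor
#                  patch level, since distributions backport fixes
#   limit-raised : limit above 100 (patched default or manually raised)
classify() {
    if ! kernel_at_least_3_6 "$1"; then
        echo "not-affected"
        return 0
    fi
    case "$2" in
        ''|*[!0-9]*) echo "unknown" ;;
        *)
            if [ "$2" -le 100 ]; then
                echo "at-risk"
            else
                echo "limit-raised"
            fi
            ;;
    esac
}

# Run against the local host; the sysctl file is absent on non-Linux systems.
release=$(uname -r)
limit=$(cat /proc/sys/net/ipv4/tcp_challenge_ack_limit 2>/dev/null || true)
echo "kernel=$release challenge_ack_limit=${limit:-n/a} -> $(classify "$release" "$limit")"
```

The kernel version alone is not conclusive because vendors backport fixes to older release numbers, so treat `at-risk` as a prompt to check the distribution's advisory.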

For detailed information on this TCP attack, you can download the research paper.
