Researchers from the University of New Mexico have uncovered a critical vulnerability that affects most Linux distributions and allows an attacker on the same network to infer and hijack VPN-tunneled TCP connections.
The vulnerability also allows an attacker to inject data into the TCP stream and hijack the connection: the attacker determines the exact sequence and acknowledgment numbers by counting the encrypted packets the victim sends in reply to unsolicited probes and analysing their sizes.
The vulnerability is tracked as CVE-2019-14899. Before disclosure the researchers reported it to the Linux distributions, systemd, Google, Apple, OpenVPN and WireGuard.
Most of the Linux distributions the researchers tested were vulnerable, in particular those that ship a version of systemd pulled after November 28th, 2018, which switched reverse path filtering from strict to loose mode.
The vulnerability has been confirmed on Linux, FreeBSD, OpenBSD, macOS and iOS. It lets a malicious access point (or any attacker on the same network) determine whether a connected user is running a VPN, which websites they are visiting, and the sequence and acknowledgment numbers of an active connection, and then inject data into that TCP stream.
The researchers also confirmed that the attack works against OpenVPN, WireGuard and IKEv2/IPsec. They did not test it against Tor, but expect Tor to be unaffected because it operates at the SOCKS layer, with authentication and encryption happening in userspace.
The researchers clarify that “It should be noted, however, that the VPN technology used does not seem to matter and we are able to make all of our inferences even though the responses from the victim are encrypted, using the size of the packets and number of packets sent (in the case of challenge ACKs, for example) to determine what kind of packets are being sent through the encrypted VPN tunnel.”
According to the disclosure, the attack has three steps and needs four components: the victim device, the attacker's access point, the VPN server and the web server. The steps are (1) determining the VPN client's virtual IP address, (2) using that virtual IP to infer whether the victim has an active connection to a given website, and (3) using the encrypted replies to unsolicited packets to determine the sequence and acknowledgment numbers of that connection and hijack it.
The researchers note that the attack did not work against any Linux distribution they tested until the release of Ubuntu 19.10, which had reverse path filtering set to loose mode by default. An Amazon AWS employee confirmed that Amazon Linux and Amazon's VPN products are not impacted by this issue.
Possible mitigations for the VPN-tunneled TCP connection attack suggested by the researchers:
1. Turning reverse path filtering on (strict mode, rp_filter=1), so that spoofed packets arriving on the physical interface are dropped
2. Bogon filtering: dropping packets that arrive from the local network with bogon (for example private-range) addresses that should never appear there
3. Encrypted packet size and timing: padding tunneled packets to a uniform size so that the attacker cannot tell packet types apart by size (timing remains a side channel)
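The following is an added illustration, not code from the researchers or from any VPN project: a toy model of step 1 of the attack (discovering the VPN client's virtual IP by sending unsolicited SYN-ACKs to every candidate address and watching for a reply) and of why the first two mitigations stop it. The host model, the interface names `wlan0`/`tun0`, the routing table and every address are constructed sample values; the `rp_filter` semantics follow Linux's 0 = off, 1 = strict, 2 = loose.

```python
# Added illustration (not the researchers' code): a toy model of step 1 of
# CVE-2019-14899, discovering the VPN client's virtual IP, and of the two
# routing-level mitigations, strict reverse path filtering and bogon filtering.
# All addresses, interface names and routes are constructed sample values.
import ipaddress
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    src: str        # (spoofed) source address
    dst: str        # destination address the attacker is probing
    iface: str      # interface the packet arrives on at the victim


@dataclass(frozen=True)
class Route:
    prefix: str
    iface: str


@dataclass
class VictimHost:
    addrs: dict                 # iface -> local address
    routes: list                # routing table, longest prefix wins
    rp_filter: int              # 0 = off, 1 = strict, 2 = loose (systemd default since Nov 2018)
    drop_bogons_on: set = field(default_factory=set)  # ifaces where private dsts are dropped

    def route_iface(self, addr):
        """Longest-prefix-match lookup: which interface reaches addr?"""
        best = None
        for r in self.routes:
            net = ipaddress.ip_network(r.prefix)
            if ipaddress.ip_address(addr) in net:
                if best is None or net.prefixlen > ipaddress.ip_network(best.prefix).prefixlen:
                    best = r
        return best.iface if best else None

    def reverse_path_ok(self, pkt):
        """Linux rp_filter semantics: strict requires the reply to the source
        to leave on the interface the packet arrived on; loose only requires
        the source to be reachable at all, which a spoofed public source is."""
        if self.rp_filter == 0:
            return True
        back = self.route_iface(pkt.src)
        if self.rp_filter == 1:
            return back == pkt.iface
        return back is not None

    def receive(self, pkt):
        """Return the number of packets the victim sends back (0 or 1).
        An unsolicited SYN-ACK to a local address is answered with a RST; the
        access point notices that reply even though the tunnel encrypts it,
        because it sees a packet leave at all."""
        if not self.reverse_path_ok(pkt):
            return 0
        if pkt.iface in self.drop_bogons_on and ipaddress.ip_address(pkt.dst).is_private:
            return 0
        if pkt.dst not in self.addrs.values():
            return 0        # not a local address, and forwarding is off
        return 1


def make_victim(rp_filter, bogon_filter=False):
    """Laptop on Wi-Fi with a VPN tunnel up (constructed addresses)."""
    return VictimHost(
        addrs={"wlan0": "192.168.1.23", "tun0": "10.8.0.12"},
        routes=[Route("0.0.0.0/0", "tun0"),           # everything goes into the VPN
                Route("10.8.0.0/24", "tun0"),          # VPN virtual subnet
                Route("192.168.1.0/24", "wlan0"),      # local Wi-Fi
                Route("198.51.100.7/32", "wlan0")],    # VPN server reached directly
        rp_filter=rp_filter,
        drop_bogons_on={"wlan0"} if bogon_filter else set(),
    )


def probe_virtual_ip(victim, vpn_subnet="10.8.0.0/24", spoofed_src="203.0.113.5"):
    """Attacker on the access point: send one unsolicited SYN-ACK, with a
    spoofed public source, to each candidate virtual IP over wlan0 and
    report the first candidate that provokes a reply."""
    for cand in ipaddress.ip_network(vpn_subnet).hosts():
        if victim.receive(Packet(src=spoofed_src, dst=str(cand), iface="wlan0")):
            return str(cand)
    return None


if __name__ == "__main__":
    for label, victim in [("rp_filter=2 (loose)", make_victim(2)),
                          ("rp_filter=1 (strict)", make_victim(1)),
                          ("rp_filter=0 + bogon filter", make_victim(0, bogon_filter=True))]:
        print(f"{label:28s} -> virtual IP found: {probe_virtual_ip(victim)}")
```

In loose mode the spoofed public source is "reachable" via the default route into the tunnel, so the probe is accepted and the single candidate that provokes a reply is the victim's virtual IP; in strict mode the reply to that source would leave on `tun0`, not `wlan0`, so the kernel drops the probe and the scan finds nothing. Bogon filtering on the physical interface achieves the same for this step without touching `rp_filter`. On a real Linux host the first mitigation is `sysctl -w net.ipv4.conf.all.rp_filter=1` (and the per-interface keys); check for asymmetric routing first, since strict mode also drops legitimate traffic whose return path differs from its arrival interface.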
You can read the complete analysis of this vulnerability report here.