Tuesday, December 3, 2024
HomeCVE/vulnerabilityEtherOops - A New Attack Let Hackers Exploit a Bug in Ethernet...

EtherOops – A New Attack Let Hackers Exploit a Bug in Ethernet Cables to Bypass Firewall and NATs

Published on

SIEM as a Service

Researchers unveiled a very new method that helps to exploit a vulnerability in Ethernet cables to bypass firewalls and NATs. 

Earlier, this exploitation is considered as non-exploitable; but, now the weakness was named as Etheroops. This vulnerability works only if the targeted system network includes faulty Ethernet cables on the path from attackers to the victims.  

How Etheroops Works

The research team at Armis described that the Etheroops attack is primarily a packet-in-packet attack. These attacks generally used when the network packets are placed inside each other. 

- Advertisement - SIEM as a Service

The outermost case is an excellent packet, whereas the inner one carries all sought of malicious code or various commands. The outermost case is benign, and it enables the attack payload to move in with the help of first network protection, like firewalls, or other security commodities. 

While the inner case attacks are the devices that are inside the network, that’s why the networking case does not alter their production and dissipate their “outer case.” 

Now the faulty Ethernet cables come into action, but defective Ethernet cable experiences undesired electrical intervention, and the inside parts of the actual packet start flipping. This action starts damaging the outermost case slowly and leaves the innermost case active.

Prerequisites for a Successful Attack

The security researchers have asserted that there are some prerequisites for making this attack successful, and we have mentioned below the necessities of this attack step by step.

1) Sending benign packets through the Firewall/NAT

This step includes the process of sending a stream of benign packets, by a firewall/NAT.

2) The occurrence of bit-flips (or: Bad Cables)

In this process, the bit-flips are expected to work correctly as it requires random occurrence on target Ethernet cables. But, when the security experts observed over different segments of their install base, they remarked different error rates.

3) Checksum manipulation (or: Finding out internal MAC Addresses)

This process works after the Ethernet cable occurs, that’s why a checksum tool that is available in the framing headers of the Ethernet helps to identify the corrupted files.

Proximity Attack Based on EMP

According to the researchers, the faulty Ethernet cable has a background of electromagnetic interference (EMI). That’s why the researchers carried out an experiment, which is a cable that is not being guarded, conducting an attenuated signal, and this signal becomes susceptive at higher levels of EMI. 

There might be some specific devices that transmit an electromagnetic pulse that can create this type of disturbance that are the EMP weapon. These device uses wideband vibrations that lie between 100MHz – 2GHz to interfere with any cabling as lengthy as 5 centimeters.

The internal cell that is the innermost case is not as safe as it contains all sorts of malicious data and commands.

One-Click Attack Scenario

In this scenario, the threat actors lead their target to a malicious website, that is controlled by them, by sending the objectives a malicious link. Once the user submits the outbound packets to the server controlled by the attacker, they get the authorization to send a surge of good packets to the targets that will travel within the whole network.

Zero-Click Proximity Attack Scenario

In this attack scenario, the stream of good packets moves within the network perimeter security defenses (firewall/NAT) of the user, and this is possible only if the attacker manages to trick the DNS reply from the IP address of the user’s DNS resolver.

All these procedures depend upon the threat actor, as he/she gets to decide which method he/she will prefer among all these various methods of Ethernet cable. 

Moreover, the security researchers are finding all the variants so that the users can get know the EMI procedures perfectly.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Latest articles

PEFT-As-An-Attack, Jailbreaking Language Models For Malicious Prompts

Federated Parameter-Efficient Fine-Tuning (FedPEFT) is a technique that combines parameter-efficient fine-tuning (PEFT) with federated...

Hackers Cloning Websites, Exploiting RCE Flaws To Gain Access To Shopping Platforms

Cybercriminals are leveraging AI-powered phishing attacks, website cloning tools, and RCE exploits to target...

Hackers Exploited Windows Event Logs Tool log Manipulation, And Data Exfiltration

wevtutil.exe, a Windows Event Log management tool, can be abused for LOLBAS attacks. By...

Threat Actors Allegedly Claims Breach of EazyDiner Reservation Platform

Reports have emerged of a potential data breach involving EazyDiner, a leading restaurant reservation...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

Salesforce Applications Vulnerability Could Allow Full Account Takeover

A critical vulnerability has been discovered in Salesforce applications that could potentially allow a...

TP-Link HomeShield Function Vulnerability Let Attackers Inject Malicious Commands

A significant vulnerability has been identified in TP-Link's HomeShield function, affecting a range of...

HPE IceWall Flaw Let Attackers cause Unauthorized Data Modification

Hewlett Packard Enterprise (HPE) has issued an urgent security bulletin addressing a critical vulnerability...