The Complete Magazine on Open Source

Linux TCP bug lets attackers remotely hijack web traffic


A serious vulnerability in the TCP implementation of the Linux kernel lets an attacker who sits nowhere on the path between two hosts hijack their traffic remotely. The flaw can be used to discover that two hosts are talking to each other, to forcibly terminate their connection, and in some cases to inject data into it.

Researchers from the University of California, Riverside (UCR) identified the vulnerability, which is tracked as CVE-2016-5696. They describe it as a “subtle flaw”: not a memory-safety bug but a ‘side channel’ that has been present in the Linux kernel since version 3.6 in late 2012, when the kernel adopted the challenge ACK mechanism of RFC 5961. The kernel rate-limits challenge ACKs with a single counter shared by every connection on the host, so an off-path attacker who holds one ordinary connection to a server can measure that counter and learn whether spoofed packets aimed at someone else’s connection were accepted. Repeating the measurement lets the attacker infer the TCP sequence numbers of that connection, and with them confirm that a user is talking to a given server (tracking online activity), terminate the connection, or inject false material into it.

The attacker needs no foothold on either host or on the network path between them: the side channel alone is enough “to hijack a conversation” between two machines, or to weaken the privacy guarantee of anonymity networks such as Tor by resetting connections between relays. The research group has released a short video demonstrating the attack.

“The unique aspect of the attack we demonstrated is the very low requirement to be able to carry it out. Essentially, it can be done easily by anyone in the world where an attack machine is in a network that allows IP spoofing. The only piece of information that is needed is the pair of IP addresses (for victim client and server), which is fairly easy to obtain,” said Zhiyun Qian, assistant professor of computer science at UCR and the project’s advisor.

Encrypted connections are vulnerable, too

The researchers note that encrypted connections such as HTTPS resist data injection, because a forged payload would fail the integrity checks of TLS, but the TCP layer underneath them is unprotected: an attacker who has inferred the sequence number can still send a spoofed RST and tear the connection down. The attack takes less than a minute and succeeds roughly 90 percent of the time.

Qian said the Linux kernel community was alerted to the flaw and that the latest kernel already carries the fix, which makes the number of challenge ACKs the kernel sends per second unpredictable so that it can no longer be counted. Users on older kernels are advised to raise the ‘challenge ACK limit’ (the net.ipv4.tcp_challenge_ack_limit sysctl) to a very large value: an attacker can then no longer exhaust the counter within one second, and the side channel yields no usable signal.
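The shared counter described above, and why raising its limit closes the side channel, can be shown with a small model. The following is an added example written for this article; it is not the UCR researchers’ code, sends no packets, and simplifies the kernel’s receive checks. Packet handling follows RFC 5961 as the kernel implements it (an in-window RST with the wrong sequence number gets a challenge ACK, an exact match resets the connection, a SYN on a live connection always gets a challenge ACK). `WINDOW`, `ATTACKER_PPS`, the addresses and all sequence numbers are constructed assumptions, and the attacker is assumed to know the window size.

```python
"""Toy model of the CVE-2016-5696 challenge ACK side channel (added example, not the researchers' code)."""

WINDOW = 1 << 20           # assumed receive window; real values vary
ATTACKER_PPS = 100         # assumed probes the attacker can send per one-second window
SEQ_MASK = (1 << 32) - 1


class Server:
    """RFC 5961-style receiver with ONE challenge ACK budget shared by every socket,
    the pre-fix behaviour controlled by net.ipv4.tcp_challenge_ack_limit."""

    def __init__(self, limit):
        self.limit = limit
        self.budget = limit            # the kernel refills this once per second
        self.conns = {}                # 4-tuple -> {"rcv_nxt": int, "alive": bool}

    def new_second(self):
        self.budget = self.limit

    def add_connection(self, four_tuple, rcv_nxt):
        self.conns[four_tuple] = {"rcv_nxt": rcv_nxt & SEQ_MASK, "alive": True}

    def _challenge_ack(self):
        if self.budget > 0:
            self.budget -= 1
            return "challenge_ack"
        return None                    # rate limit reached: dropped silently

    def receive(self, four_tuple, flag, seq):
        """Return 'challenge_ack', 'reset' or None (dropped)."""
        conn = self.conns.get(four_tuple)
        if conn is None or not conn["alive"]:
            return None                # no such connection: nothing is sent
        rcv_nxt = conn["rcv_nxt"]
        in_window = ((seq - rcv_nxt) & SEQ_MASK) < WINDOW   # simplified window check
        if flag == "SYN":              # SYN on a live connection -> challenge ACK, any seq
            return self._challenge_ack()
        if flag == "RST":
            if seq == rcv_nxt:
                conn["alive"] = False
                return "reset"         # exact match: connection torn down (TLS or not)
            return self._challenge_ack() if in_window else None
        return None


class OffPathAttacker:
    """Knows only the victim 4-tuple; sees replies only on its own connection."""

    def __init__(self, server, own_tuple, victim_tuple):
        self.server, self.own, self.victim = server, own_tuple, victim_tuple

    def probe(self, flag, seq):
        """One second: a spoofed packet to the victim connection, then as many
        in-window-but-inexact RSTs on our own connection as we can send.
        Returns (challenge ACKs seen, probes sent)."""
        self.server.new_second()
        self.server.receive(self.victim, flag, seq & SEQ_MASK)  # reply goes to the real client
        own_rcv_nxt = self.server.conns[self.own]["rcv_nxt"]
        sent = min(self.server.limit, ATTACKER_PPS)
        seen = sum(self.server.receive(self.own, "RST", (own_rcv_nxt + 1) & SEQ_MASK) == "challenge_ack"
                   for _ in range(sent))
        return seen, sent

    def leaked(self, flag, seq):
        """True if the spoofed packet consumed one challenge ACK from the shared budget."""
        seen, sent = self.probe(flag, seq)
        return seen < sent

    def connection_exists(self):
        return self.leaked("SYN", 0)

    def infer_rcv_nxt(self):
        """Scan in WINDOW-sized steps for any in-window sequence number, then
        binary-search the UPPER window edge (every probe stays above the first
        hit, so no probe can be an exact match that resets the connection)."""
        hit = next((s for s in range(0, 1 << 32, WINDOW) if self.leaked("RST", s)), None)
        if hit is None:
            return None
        lo, hi = hit, hit + WINDOW     # lo in window, hi out of window
        while hi - lo > 1:
            mid = (lo + hi) // 2
            if self.leaked("RST", mid):
                lo = mid
            else:
                hi = mid
        return (lo - WINDOW + 1) & SEQ_MASK   # assumes the window size is known

    def kill(self, rcv_nxt):
        """Spoofed RST with the exact sequence number."""
        return self.server.receive(self.victim, "RST", rcv_nxt) == "reset"


def demo(limit):
    """Run the attack against a server whose challenge ACK limit is `limit` (constructed hosts)."""
    server = Server(limit)
    victim = ("203.0.113.10", 443, "198.51.100.7", 51044)
    own = ("203.0.113.10", 443, "192.0.2.99", 40000)
    server.add_connection(victim, 0x12345678)
    server.add_connection(own, 0x0BADCAFE)
    atk = OffPathAttacker(server, own, victim)
    exists = atk.connection_exists()
    seq = atk.infer_rcv_nxt() if exists else None
    killed = atk.kill(seq) if seq is not None else False
    return {"exists": exists, "rcv_nxt": seq, "killed": killed}


if __name__ == "__main__":
    print("default limit 100:", demo(100))
    print("limit 999999999: ", demo(999_999_999))
```

With the old default of 100, the attacker sees 99 challenge ACKs instead of 100 whenever a spoofed packet was accepted, recovers the exact sequence number and resets the connection. With the limit raised to 999999999 the attacker’s 100 probes always come back, so `connection_exists()` reports nothing. This toy tests one guess per second; the published attack packs many guesses into each second, which is how it finishes in under a minute. On a kernel older than the fix the current value is visible in /proc/sys/net/ipv4/tcp_challenge_ack_limit.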