Researchers from University of California-Riverside have identified a
weakness in the Transmission Control Protocol (TCP) of all Linux
operating systems that enables attackers to remotely hijack users'
internet communications.
Such a weakness could be used to launch
targeted attacks that track users' online activity, forcibly terminate a
communication, hijack a conversation between hosts or degrade the
privacy guarantee by anonymity networks such as Tor.
To transfer
information from one source to another, Linux and other operating
systems use the Transmission Control Protocol (TCP) to package and send
data, and the Internet Protocol (IP) to ensure the information gets to
the correct destination.
When two people communicate by email, TCP
assembles their message into a series of data packets, identified by
unique sequence numbers, that are transmitted, received, and reassembled
into the original message.
Those TCP sequence numbers are useful
to attackers, but with almost four billion possible sequences, it is
essentially impossible to identify the sequence number associated with
any particular communication by chance.
The researchers led by Yue
Cao, computer science graduate student, identified a subtle flaw in the
Linux software that enables attackers to infer the TCP sequence numbers
associated with a particular connection with no more information than
the IP address of the communicating parties.
This means that given
any two arbitrary machines on the internet, a remote blind attacker
without being able to eavesdrop on the communication, can track users'
online activity, terminate connections with others and inject false
material into their communications.
The weakness can allow
attackers to degrade the privacy of anonymity networks, such as Tor, by
forcing the connections to route through certain relays, the authors
stated.
The attack is fast and reliable, happens in less than a minute and has a success rate of about 90 percent.
The researchers alerted Linux about the vulnerability which resulted in patches applied to the latest Linux version.
The study was set to be presented at the USENIX Security Symposium in Austin, Texas, this week.
Indian News Agency ANI Sues Netflix for Using its Content in 'IC-814: The Kandahar Hijack' Series9 September 2024
Search
![Gadgets 360 With Technical Guruji: News of the Week [April 12, 2024]](https://c.ndtvimg.com/2025-04/jlpk5kco_news-of-the-week_160x120_12_April_25.jpg?downsize=180:*)
