WRITTEN BY: USAFEATURESMEDIA
(Cyberwar.news) Cyber researchers at the University of California-Riverside say they have found a vulnerability in the Transmission Control Protocol (TCP) of all Linux operating systems since 2012, which enables attackers to hijack a user’s Internet communications remotely.
The weakness could be used for targeted attacks that would allow a hacker to track a victim’s online activity, forcibly terminate a communication, hijack a conversation between hosts, or degrade the privacy guarantees provided by anonymity networks like Tor.
The university says that its research, which was led by Yue Cao, a computer science grad in UCR’s Bourns College of Engineering, will be presented this week at the USENIX Security Symposium in Austin, Texas.
Though most users do not directly interact with the Linux operating system, the software operates behind the scenes on Internet servers, Android smartphones and a host of other devices.
To transfer information from one source to another, operating systems including Linux use TCP to package and send data, and the Internet Protocol (IP) to ensure that the data reaches the right destination.
“For example, when two people communicate by email, TCP assembles their message into a series of data packets — identified by unique sequence numbers — that are transmitted, received, and reassembled into the original message,” reports Homeland Security Newswire. “Those TCP sequence numbers are useful to attackers, but with almost 4 billion possible sequences, it is essentially impossible to identify the sequence number associated with any particular communication by chance.”
The UCR researchers did not rely on chance, however. Rather, they identified a subtle flaw in the form of ‘side channels’ in the Linux software that enables hackers to infer the TCP sequence numbers associated with a specific connection, without any additional information other than the IP address of the communicating parties.
“This means that given any two arbitrary machines on the Internet, a remote blind attacker, without being able to eavesdrop on the communication, can track users’ online activity, terminate connections with others and inject false material into their communications,” Homeland Security Newswire reported.