Linux operating systems vulnerable to cyber attacks: Report

Researchers from University of California-Riverside have identified a weakness in the Transmission Control Protocol (TCP) of all Linux operating systems that enables attackers to remotely hijack users’ internet communications.

By:
| Updated on: Aug 10 2016, 18:53 IST
image caption
Researchers from University of California-Riverside have identified a weakness in the Transmission Control Protocol (TCP) of all Linux operating systems that enables attackers to remotely hijack users’ internet communications.

Researchers from University of California-Riverside have identified a weakness in the Transmission Control Protocol (TCP) of all Linux operating systems that enables attackers to remotely hijack users' internet communications.

Such a weakness could be used to launch targeted attacks that track users' online activity, forcibly terminate a communication, hijack a conversation between hosts or degrade the privacy guarantee by anonymity networks such as Tor.

You may be interested in

MobilesTablets Laptops
7% OFF
Apple iPhone 15 Pro Max
  • Black Titanium
  • 8 GB RAM
  • 256 GB Storage
28% OFF
Samsung Galaxy S23 Ultra 5G
  • Green
  • 12 GB RAM
  • 256 GB Storage
Google Pixel 8 Pro
  • Obsidian
  • 12 GB RAM
  • 128 GB Storage
Apple iPhone 15 Plus
  • Black
  • 6 GB RAM
  • 128 GB Storage

To transfer information from one source to another, Linux and other operating systems use the Transmission Control Protocol (TCP) to package and send data, and the Internet Protocol (IP) to ensure the information gets to the correct destination.

Also read
Looking for a smartphone? To check mobile finder click here.

When two people communicate by email, TCP assembles their message into a series of data packets, identified by unique sequence numbers, that are transmitted, received, and reassembled into the original message.

Those TCP sequence numbers are useful to attackers, but with almost four billion possible sequences, it is essentially impossible to identify the sequence number associated with any particular communication by chance.

The researchers led by Yue Cao, computer science graduate student, identified a subtle flaw in the Linux software that enables attackers to infer the TCP sequence numbers associated with a particular connection with no more information than the IP address of the communicating parties.

This means that given any two arbitrary machines on the internet, a remote blind attacker without being able to eavesdrop on the communication, can track users' online activity, terminate connections with others and inject false material into their communications.

The weakness can allow attackers to degrade the privacy of anonymity networks, such as Tor, by forcing the connections to route through certain relays, the authors stated.

The attack is fast and reliable, happens in less than a minute and has a success rate of about 90 per cent.

The researchers alerted Linux about the vulnerability which resulted in patches applied to the latest Linux version.

The study was set to be presented at the USENIX Security Symposium in Austin, Texas, this week.

--IANS

anuj/na/dg

Catch all the Latest Tech News, Mobile News, Laptop News, Gaming news, Wearables News , How To News, also keep up with us on Whatsapp channel,Twitter, Facebook, Google News, and Instagram. For our latest videos, subscribe to our YouTube channel.

First Published Date: 10 Aug, 18:53 IST
NEXT ARTICLE BEGINS