Using a Network Firewall to Steal User Info
Category: Science & Technology
Posted: May 23, 2012 06:22PM
A fact of technology security is that the more popular a device or piece of software is, the more malware will be written for it. This is why Macs have seen so little malware in the past and why smartphone malware is growing in number. Researchers at the University of Michigan have recently discovered a way to turn a defense mechanism, meant to protect smartphone users, into the basis of an attack that steals login and password information.
Some cellphone networks employ a middlebox firewall to check the sequence numbers on data packets. Information sent on the network is not sent in one big piece but in multiple small packets. These packets are numbered so that the receiver knows where each one belongs in the larger sequence. A middlebox firewall checks these sequence numbers and lets through only packets whose numbers fall within the expected range. The researchers realized this check can be used to redirect a phone's data flow, and found that 32% of the 150 networks tested across the globe are susceptible to the kind of attack they devised.
The attack works by sending packets with different sequence numbers. Those outside the range the middlebox is accepting will be blocked, but any within that range will get through. Using a binary search, a hacker is guaranteed to find a valid sequence number in just 32 steps, which takes only seconds. Once a data packet gets through, a piece of malware already installed on the smartphone by the user can be activated and respond to the hacker, indicating that a packet got through. At this point the hacker has the ability to redirect the smartphone's traffic to a spoof of a site such as Facebook or Twitter, where an unwitting user will type their username and password into a field that delivers them to the hacker.
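As an added example (not code from the article or from the Michigan researchers), here is a simple detector a network operator could run over middlebox logs: the probing described above shows up as one off-path source sending a burst of packets toward an existing connection with sequence numbers scattered across the 32-bit space, most of which the window check drops. The log format, the sample lines and the thresholds are constructed for this example.

```python
from collections import defaultdict

# Constructed sample log (not real traffic). Assumed line format:
# "<secs> <src_ip> <dst_ip>:<port> seq=<tcp_seq> <ACCEPT|DROP>"
# First flow: a normal client sending consecutive segments (ACCEPTed).
# Second flow: an off-path source probing seq numbers by halving the space.
SAMPLE_LOG = """\
0.00 198.51.100.20 10.0.0.5:443 seq=903000000 ACCEPT
0.05 198.51.100.20 10.0.0.5:443 seq=903001460 ACCEPT
0.10 198.51.100.20 10.0.0.5:443 seq=903002920 ACCEPT
0.15 198.51.100.20 10.0.0.5:443 seq=903004380 ACCEPT
0.20 198.51.100.20 10.0.0.5:443 seq=903005840 ACCEPT
1.00 203.0.113.7 10.0.0.5:443 seq=2147483648 DROP
1.10 203.0.113.7 10.0.0.5:443 seq=1073741824 DROP
1.20 203.0.113.7 10.0.0.5:443 seq=536870912 DROP
1.30 203.0.113.7 10.0.0.5:443 seq=805306368 DROP
1.40 203.0.113.7 10.0.0.5:443 seq=939524096 DROP
1.50 203.0.113.7 10.0.0.5:443 seq=872415232 DROP
1.60 203.0.113.7 10.0.0.5:443 seq=905969664 ACCEPT
"""

def parse_line(line):
    # Returns (time, src, dst, seq, verdict) for one constructed log line.
    t, src, dst, seq, verdict = line.split()
    return float(t), src, dst, int(seq.split("=")[1]), verdict

def find_probers(lines, window=5.0, min_packets=6, min_spread=2**30, min_drop=0.8):
    # Flag (src, dst) pairs with >= min_packets inside `window` seconds whose
    # sequence numbers span >= min_spread and were mostly dropped (thresholds assumed).
    flows = defaultdict(list)
    for line in lines:
        if line.strip():
            t, src, dst, seq, verdict = parse_line(line)
            flows[(src, dst)].append((t, seq, verdict))
    suspects = []
    for key, pkts in flows.items():
        pkts.sort()
        start = 0
        for end in range(len(pkts)):
            while pkts[end][0] - pkts[start][0] > window:  # slide the time window
                start += 1
            seg = pkts[start:end + 1]
            seqs = [p[1] for p in seg]
            drops = sum(p[2] == "DROP" for p in seg)
            if (len(seg) >= min_packets and max(seqs) - min(seqs) >= min_spread
                    and drops / len(seg) >= min_drop):
                suspects.append(key)
                break
    return suspects
```

Running `find_probers(SAMPLE_LOG.splitlines())` flags only the probing source; the normal client's packets stay within a few kilobytes of each other and are never reported.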
Worth noting is that this attack method circumvents the practice of sandboxing applications: it does not require that one app do anything to another on the phone. The researchers have actually made an Android app to test whether your Android smartphone is vulnerable to this attack, but at the time of my writing this, the app's page is down. (Perhaps this is because the app is considered malware by Google.)