facebook
twitter
rss
account
search
search
 

Flaw found in common network security tech

May 21, 2012 at 3:54 PM   |   Comments

ANN ARBOR, Mich., May 21 (UPI) -- A popular technology used to provide security on cellular networks can unwittingly help a hacker break into Facebook and Twitter accounts, U.S. researchers say.

Researchers at the University of Michigan said the technology, known as network firewall middleboxes, is meant to block data that doesn't appear to be part of the flow of information traffic on the network.

Of the nearly 150 networks computer science Professor Z. Morley Mao and doctoral student Zhiyun Qian tested worldwide, 32 percent used the middlebox technology, the University reported Monday.

An attacker could hijack an Internet connection using them, the researchers said.

Middleboxes monitor the "sequence numbers" of data packets being sent to mobile devices.

For example when a smartphone user takes a photo and shares it with a friend, the researchers said, it gets broken down into numerous packets before it's sent across the network.

The friend's smartphone looks to the sequence numbers to put the picture back together.

Middleboxes could help hackers use the process of elimination to home in on a number in the right range, as the middlebox can unwittingly let a hacker know when he's identified a sequence number that will allow a packet through.

Armed with a valid sequence number, the hacker could spoof Facebook or Twitter's Web log-in page and gain the user's passwords, the researchers said.

"Firewall middleboxes are supposed to protect against this kind of attack, but it turns out they do the opposite," Qian said. "Most vendors and carriers that deploy such firewall middleboxes still believe they are safe and we want them to be aware of this design flaw."

© 2012 United Press International, Inc. All Rights Reserved. Any reproduction, republication, redistribution and/or modification of any UPI content is expressly prohibited without UPI's prior written consent.
Most Popular
1
45,000-year-old man reveals earliest human genome 45,000-year-old man reveals earliest human genome
2
North Dakota forks over $3 million for mummified dinosaur North Dakota forks over $3 million for mummified dinosaur
3
Weather satellite outage threatens to foul forecasts Weather satellite outage threatens to foul forecasts
4
Ancient Europeans couldn't drink milk for 5,000 years Ancient Europeans couldn't drink milk for 5,000 years
5
Dude! Company floats fly hoverboard Dude! Company floats fly hoverboard
Trending News
Around the Web
x
Feedback