Noticias Seguridad

TLS servers at risk from a new attack

ALPACA, a new attack against TLS servers

Man in the Middle or middle man attacks allow an attacker to interfere with a connection. It could read the information that is sent or received, strain data, or even modify it. For example, we can mention when a user connects to a public Wi-Fi network in a shopping center and sends information in plain text. There may be a hacker on that network collecting the data that is sent and received.

Now, there are different types of attacks. On this occasion, a group of German security researchers has discovered a new method called ALPACA. The objective is exploit TLS servers, which is the Internet standard in charge of ensuring communications between servers and clients.

What an attacker does using this method is redirect web traffic from one subdomain to another. This results in a valid TLS session, but redirects HTTPS requests from the browser.

The name ALPACA comes from Application Layer Protocol Confusion – Analyzing and mitigating Cracks in TLS Authentication. Researchers have shown that an attacker could redirect HTTPS requests from the victim’s web browser to SMTP, IMAP, POP3, and FTP servers. It could get to extract session cookies and private information, as can happen in attacks of this type. You could even arbitrarily execute JavaScript to bypass TLS and bypass web security.

Many web servers can be vulnerable

An important fact is that they found that 1.4 million web servers they could be vulnerable to these attacks between protocols. They could therefore carry out an ALPACA attack with the aim of confusing the data of the TLS application.

Although security researchers indicate that it is difficult to pinpoint exactly who could be vulnerable, they indicate that being a flaw that is within the TLS authentication of servers, anyone using this could be considerably vulnerable. However, they also ensure that for practical purposes this vulnerability can only be exploited in certain circumstances.

Something fundamental to carry out this threat is that they are going to need a Man in the Middle attacker who is active. It will be necessary to intercept and modify the data sent from the victim’s browser to the web server. This could especially happen on a local network.

To avoid this type of problem, as well as any other that may arise at any given time, it is essential that users have the latest versions of the browser and any program that connects to the network. Any vulnerability that may appear must always be corrected.

Leave a Reply

Your email address will not be published. Required fields are marked *