Article 4NQG4 Router Network Isolation Broken By Covert Data Exfiltration

Router Network Isolation Broken By Covert Data Exfiltration

by
Fnord666
from SoylentNews on (#4NQG4)

upstart writes:

Submitted via IRC for SoyCow2718

Router Network Isolation Broken By Covert Data Exfiltration

Software-based network isolation provided by routers is not as efficient as believed, as hackers can smuggle data between the networks for exfiltration.

Most modern routers offer the possibility to split the network into multiple segments that work separately. One example is a guest network that works in parallel with the host.

The boundary insulates sensitive or critical systems from others that enjoy less strict security policies. This practice is common and even a recommended security measure. It is a logical separation that occurs at software level, though, and it is not airtight.

Researchers at the Ben-Gurion University of the Negev discovered multiple methods to carry data across two segregated network segments on the same hardware.

They achieved this through direct or timing-based covert channels and tested the findings on seven routers in various price ranges from multiple vendors. The methods do not allow exfiltration of large aounts of data but shows that it is possble to break the logical barrier.

Clandestine direct communication is possible by encoding the data in packets that several protocols erroneously forward to both isolated networks. This method does not work on all tested routers and where it is valid, the transfer is not bidirectional in all cases.

Timing-based covert channels rely on shared hardware resources (CPU time, network and memory buffers) to send the information. This is done by influencing the use of those resources and reading the effect to interpret the bits of data.

"To exploit these [timing-based] channels, we need to construct sender and receiver gadgets which cause an increased demand on the router's control plane or sample this demand, respectively."

[...] The flaws discovered by the researchers, though, received the following identification numbers and are tracked as:

  • CVE-2019-13263
  • CVE-2019-13264
  • CVE-2019-13265
  • CVE-2019-13266
  • CVE-2019-13267
  • CVE-2019-13268
  • CVE-2019-13269
  • CVE-2019-13270
  • CVE-2019-13271

Original Submission

Read more of this story at SoylentNews.

External Content
Source RSS or Atom Feed
Feed Location https://soylentnews.org/index.rss
Feed Title SoylentNews
Feed Link https://soylentnews.org/
Feed Copyright Copyright 2014, SoylentNews
Reply 0 comments