An updated slipstream technique spells danger for vulnerable firewalls.

Security researchers at Armis enhanced the old 2020 attack by leveraging protocols that evade port blocks. Previously, the initial attack could have been triggered by a malicious JavaScript code that first found the victim’s computer’s IP address and then tried to initiate a SIP video-conference session. This way, every connected device on the target’s network got exposed to the internet.

Researchers warned last year that protocols like WebRTC TURN could be used for attacks, and they managed to prove it with NAT Slipstream v2.

“The new variant to the NAT Slipstreaming attack is comprised of two primitives, the first explores the H.323 ALG, and the second expands the attack surface of the various NAT ALGs reachable from a browser, by abusing the WebRTC TURN server API via JavaScript,”

Ben Seri and Gregory Vishnepolsky, threat researchers at Armis

On a positive note, researchers disclosed the vulnerability to browser vendors back in November 2020, and most major browsers have been patched.

A demonstration of the attack can be found in the video bellow.

Check the source.

Read More