An updated slipstream technique spells danger for vulnerable firewalls.
Security researchers at Armis enhanced the old 2020 attack by leveraging protocols that evade port blocks. Previously, the initial attack could have been triggered by a malicious JavaScript code that first found the victim’s computer’s IP address and then tried to initiate a SIP video-conference session. This way, every connected device on the target’s network got exposed to the internet.
Researchers warned last year that protocols like WebRTC TURN could be used for attacks, and they managed to prove it with NAT Slipstream v2.
“The new variant to the NAT Slipstreaming attack is comprised of two primitives, the first explores the H.323 ALG, and the second expands the attack surface of the various NAT ALGs reachable from a browser, by abusing the WebRTC TURN server API via JavaScript,”
Ben Seri and Gregory Vishnepolsky, threat researchers at Armis
On a positive note, researchers disclosed the vulnerability to browser vendors back in November 2020, and most major browsers have been patched.
A demonstration of the attack can be found in the video bellow.
Check the source.
Read More
- 85K MySQL Servers were hit by PLEASE_READ_ME RansomwareChrome, Firefox and Edge browsers get an update to fix separate bugs that both allow for remote attacks, which could potentially allow hackers to takeover targeted devices.
- The new Silver Sparrow malware infected 30,000 MacsChrome, Firefox and Edge browsers get an update to fix separate bugs that both allow for remote attacks, which could potentially allow hackers to takeover targeted devices.
- Investment Scammers try to trick Dating App UsersChrome, Firefox and Edge browsers get an update to fix separate bugs that both allow for remote attacks, which could potentially allow hackers to takeover targeted devices.
- LodaRAT Windows Malware affects Android DevicesChrome, Firefox and Edge browsers get an update to fix separate bugs that both allow for remote attacks, which could potentially allow hackers to takeover targeted devices.
- Cyberpunk 2077 Publishers has suffered a ransomware attackChrome, Firefox and Edge browsers get an update to fix separate bugs that both allow for remote attacks, which could potentially allow hackers to takeover targeted devices.