DUHK attacks allow hackers to obtain encryption keys for VPN and web browsing sessions
DUHK - Dont Use Hard-coded Keys - is a new dangerous encryption executable vulnerability that allows an attacker to recover the encryption key used to secure VPN connections and web sessions.
DUHK - Dont Use Hard-coded Keys - is a new dangerous encryption executable vulnerability that allows an attacker to recover the encryption key used to secure VPN connections and web sessions.
DUHK is the third vulnerability related to encryption discovered this month, after attacking WiFi KRACK and attacking ROCA.
This vulnerability exists on many devices of many vendors, including Fortinet, Cisco, TechGuard, where the device uses ANSI X9.31 RNG - an algorithm to generate pseudo random numbers - along with the key hard-coded (just embedding it directly into source or fixed data instead of taking from external sources).
Before being removed from the list of FIPS-approved random number sequence algorithms approved in January 2016, ANSI X9.31 RNG is used in many coding standards for more than 30 years.
The pseudo random number generator (PRNG) does not generate random numbers. In essence, it is an algorithm that creates a series of bits based on secret values originally called 'seeds' and creates the current state. This bit sequence is always the same due to the same initial values.
Some vendors store this 'secret seed' into their product source code.
Discovered by cryptanalysts Shaanan Cohney, Nadia Heninger and Matthew Green, DUHK, known as 'status restoration attack', allows intermediaries who already know the value of seeds restore the current value after viewing the output data.
With those two values, the attacker uses to recalculate the encryption key, restoring the encrypted data.
'To describe the reality, we created passive decoding attack on FortiGate VPN product with FortiOS version 4', the researchers said. 'We scanned at least 23,000 devices with public IPv4 addresses running FortiOS versions containing vulnerabilities'. Below is an incomplete list of influential devices with the same version.
Vendor products containing vulnerabilities are vulnerable to DUHK attacks
Researchers have also published in-depth research material on the DUHK attack website at this address.https://duhkattack.com/
You should read it
- Application protection against DFA attacks
- Summary of popular network attacks today
- Cisco security equipment is targeted at DoS attacks through an old vulnerability
- Warning: DDoS attacks are becoming more dangerous both in scale and complexity
- DNS attacks are costing governments worldwide huge amounts
- IBM developed a new technology to patch security holes
- Detection of security vulnerabilities affects all Bluetooth versions
- AMD patched a series of security holes in the graphics driver for Windows 10
- Microsoft warns of an increasing trend of attacks targeting firmware and worrying public indifference
- Top 10 attack techniques on the web
- How many DDoS cases are reported in 2019?
- Hacker purged two-factor security just by automated phishing attacks
Maybe you are interested
How to back up and restore the Start menu layout Facebook will launch Horizon virtual reality social network in 2020 How to fix the error is not aligned on Word Instructions to block Viber messages on the phone 10 great reasons to visit Madrid in 2017 Top 10 common errors to avoid when hunting online