University of Michigan researchers Zhiyun Qian and , Z. Morley Mao detail and demonstrate an Off-Path TCP Sequence Number Inference Attack
They also link to an Android app they've developed to:
find out if your network has deployed the sequence-number-checking firewall middlebox. It also helps us collect more data on which network providers are vulnerable so that we can report the issue to them.
What is off-path TCP sequence number inference attack?
Off-path sequence number inference attack is a new network attack that we discovered which can further enable TCP injection and hijacking attacks. One form of the attack is that an attacker on the Internet can collaborate with an on-device malware (unprivileged, such as a disguised third-party app) to hijack the facebook webpage (which is loaded by a separate app -- browser). Here's a picture of the threat model. In this particular threat model, the unprivileged malware collaborates with an Internet attacker to hijack the connection to the Facebook server. A more complete list of attacks possible is described in our paper.
- Posted using BlogPress from my iPad