
KU Leuven discovers vulnerable servers at SoftBank and millions of others

The Belgian university KU Leuven has uncovered a critical security flaw that exposes computer servers worldwide to potential hacker attacks. The vulnerability affects approximately 4 million users, primarily in the United States, France, China, and Japan.

For their research, the KU Leuven team conducted comprehensive testing on computer servers. Researchers from DistriNet, a research group within the Department of Computer Science, transmitted harmless test data packets to millions of devices globally to assess their security.

These packets were encapsulated using a tunnelling protocol to evaluate the resilience of tunnelling hosts or servers. These servers function as crucial connectors between computer networks. Servers that accepted these test packets were identified as vulnerable.

New attack techniques

The researchers identified several methods through which hackers could potentially exploit these vulnerable servers. In the process, some new types of attacks were also discovered:

  • Ping-Pong attack: In this type of attack, the servers play a digital game of Ping-Pong and exchange the packets back and forth. This can cause network overload.
  • Tunnelled Temporal Lensing: This method creates network overload by coordinating packets to arrive at a target through multiple routes simultaneously.
  • Economic DoS Attack: A type of Denial of Service (DoS) attack in which a server is flooded with packets and the victim also suffers financial losses as a result.

SoftBank network found vulnerable

The researchers specifically mentioned two companies with vulnerable servers. The first is Japanese telecommunications provider SoftBank, owner of chipmaker Arm, which produces chips for the mobile market. Recently, SoftBank has expanded into AI investments, acquiring Graphcore and forming a partnership with OpenAI.

China Mobile was also named as having significant vulnerabilities. The affected servers were primarily distributed across China, France, Japan, the United States, and Brazil. The researchers also conducted domestic checks in Belgium, which led them to contact telecom provider Telenet regarding vulnerable tunnelling hosts on their customer networks.

Recommendations

The research team has already notified the owners of vulnerable infrastructure. They recommend thorough configuration reviews of tunnelling hosts and suggest configuring servers to accept packets exclusively from trusted IP addresses. “But using a protocol that provides authentication and encryption is even more secure,” they say.

“Commonly used protocols are IP in IP and GRE (Generic Routing Encapsulation), but those protocols don’t allow encryption or sender verification,” says Professor Mathy Vanhoef, who is affiliated with KU Leuven. “For enhanced security, Internet Protocol Security must be implemented as an additional layer, and this is precisely where the problem lies: this extra security is often omitted. In total, we found more than 3.5 million vulnerable hosts working with IPv4 addresses, but also more than 700,000 using the newer IPv6 addresses.”
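The recommendation to accept tunnelled packets only from trusted IP addresses can be sketched as a filter decision on the outer IPv4 header. This is an added example, not code from the researchers; the peer address, the function names and the sample packets are assumptions constructed for illustration, and only an IPv4 outer header is handled.

```python
import ipaddress
import struct

# IP protocol numbers of the two unauthenticated tunnelling protocols named above.
TUNNEL_PROTOCOLS = {4: "IP in IP", 47: "GRE"}

# Assumption: the only tunnel peer configured on this host (documentation range).
TRUSTED_PEERS = [ipaddress.ip_network("192.0.2.10/32")]


def build_outer_ipv4(src, dst, proto, payload=b""):
    """Build a minimal outer IPv4 header (constructed sample input, no checksum)."""
    header = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
        ipaddress.ip_address(src).packed,
        ipaddress.ip_address(dst).packed,
    )
    return header + payload


def classify(packet, trusted=TRUSTED_PEERS):
    """Return (verdict, reason) for one received IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "drop", "not a well-formed IPv4 packet"
    header_len = (packet[0] & 0x0F) * 4
    if header_len < 20 or len(packet) < header_len:
        return "drop", "invalid IPv4 header length"
    proto = packet[9]
    if proto not in TUNNEL_PROTOCOLS:
        return "pass", "not a tunnelling protocol; other rules apply"
    src = ipaddress.ip_address(packet[12:16])
    name = TUNNEL_PROTOCOLS[proto]
    if any(src in net for net in trusted):
        return "accept", f"{name} from configured peer {src}"
    # A host that decapsulates here regardless of sender is what the scan flagged.
    return "drop", f"{name} from untrusted source {src}"


if __name__ == "__main__":
    samples = [
        build_outer_ipv4("192.0.2.10", "198.51.100.1", 47),   # configured peer, GRE
        build_outer_ipv4("203.0.113.7", "198.51.100.1", 47),  # unknown sender, GRE
        build_outer_ipv4("203.0.113.7", "198.51.100.1", 4),   # unknown sender, IP in IP
        build_outer_ipv4("203.0.113.7", "198.51.100.1", 6),   # ordinary TCP
    ]
    for pkt in samples:
        print(classify(pkt))
```

The outer source address checked here is itself unauthenticated, which is why the researchers rate a protocol that provides authentication and encryption as more secure than an allow-list alone.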
