A gap in the adoption of the IPv6 protocol could be leaving users prone to attack, say researchers.
Security firm Neohapsis is warning that the protocol, which has been undergoing a rollout over the last several years, could be subject to a unique attack that redirects users to unwanted, potentially malicious pages.
Dubbed a “SLAAC” attack, the operation takes advantage of the client-side rollout of IPv6 and the built-in preference such systems have for the new protocol.
“Modern operating systems, such as Windows 8 and Mac OS X, come out of the box ready and willing to use IPv6, but most networks still have only IPv4,” explained Neohapsis researchers Brent Bandelgar and Scott Behrens.
“This is a problem because the administrators of those networks may not be expecting any IPv6 activity and only have IPv4 monitoring and defenses in place.”
The researchers went on to describe an attack in which the attacker finds an IPv4-only network and sets up a server or network impersonating an IPv6 alternative. When users attempt to load the intended site, their systems could, by default, select the imposter network instead, sending their traffic through the attacker's systems.
“They could pretend to be an IPv6 router on your network and see all your web traffic, including data being sent to and from your machine,” the researchers said.
“Even more lethal, the attacker could modify web pages to launch client-side attacks, meaning they could create fake websites that look like the ones you are trying to access, but send all data you enter back to the attacker (such as your username and password or credit card number).”
While such attacks could be mitigated by disabling IPv6 on newer systems, Neohapsis believes that the more practical and effective solution for the long term is to encourage companies and network operators to speed up their adoption of the IPv6 protocol.
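The monitoring gap the researchers describe (IPv4-only defenses on a network where hosts will happily accept IPv6) can be closed by watching for the one packet a SLAAC attack cannot do without: an ICMPv6 Router Advertisement from a device that is not a known router. The following is an added example written for this article, not code from Neohapsis or from the original post. It assumes raw IPv6 frames as bytes (for instance from a packet capture, with the link-layer header already stripped), parses them without third-party libraries, and reports every Router Advertisement whose source is not on an allowlist of legitimate routers. On an IPv4-only network that allowlist is empty, so any Router Advertisement at all is an alert. The sample frames are constructed inline and use the documentation prefix 2001:db8::/32.

```python
"""Detector for unexpected IPv6 Router Advertisements, the packets a SLAAC
attack relies on. Added example; not code from the article or Neohapsis.
Parses raw IPv6 frames and reports every ICMPv6 Router Advertisement
(type 134) whose source is not a known router."""
import ipaddress
import struct

ICMPV6_NEXT_HEADER = 58
ROUTER_ADVERTISEMENT = 134
PREFIX_INFO_OPTION = 3
ALL_NODES = ipaddress.IPv6Address("ff02::1")


def parse_ipv6_packet(pkt: bytes):
    """Split the 40-byte IPv6 fixed header; return None if not IPv6."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        return None
    payload_len, next_hdr, hop_limit = struct.unpack("!HBB", pkt[4:8])
    return {
        "src": ipaddress.IPv6Address(pkt[8:24]),
        "dst": ipaddress.IPv6Address(pkt[24:40]),
        "next_header": next_hdr,
        "hop_limit": hop_limit,
        "payload": pkt[40:40 + payload_len],
    }


def parse_router_advertisement(payload: bytes):
    """Decode an ICMPv6 RA (RFC 4861 sec. 4.2) and its Prefix Information
    options (sec. 4.6.2). Returns None for any other ICMPv6 type. The
    checksum is not verified here; a production sensor should do so."""
    if len(payload) < 16 or payload[0] != ROUTER_ADVERTISEMENT:
        return None
    router_lifetime = struct.unpack("!H", payload[6:8])[0]
    prefixes = []
    i = 16
    while i + 2 <= len(payload):
        opt_type, opt_len = payload[i], payload[i + 1]
        if opt_len == 0:
            break  # zero-length option is malformed; stop rather than loop
        opt = payload[i:i + opt_len * 8]
        if opt_type == PREFIX_INFO_OPTION and len(opt) == 32:
            prefix_len = opt[2]
            autonomous = bool(opt[3] & 0x40)  # A flag: hosts self-assign addresses (SLAAC)
            prefix = ipaddress.IPv6Address(opt[16:32])
            prefixes.append((f"{prefix}/{prefix_len}", autonomous))
        i += opt_len * 8
    return {"router_lifetime": router_lifetime, "prefixes": prefixes}


def inspect_frames(frames, known_routers):
    """One alert per RA whose source link-local address is not in known_routers.
    RFC 4861 requires hop limit 255 on an RA, so the alert records whether it holds."""
    allow = {ipaddress.IPv6Address(a) for a in known_routers}
    alerts = []
    for n, frame in enumerate(frames):
        ip = parse_ipv6_packet(frame)
        if ip is None or ip["next_header"] != ICMPV6_NEXT_HEADER:
            continue
        ra = parse_router_advertisement(ip["payload"])
        if ra is None or ip["src"] in allow:
            continue
        alerts.append({
            "frame": n,
            "src": str(ip["src"]),
            "hop_limit_ok": ip["hop_limit"] == 255,
            "router_lifetime": ra["router_lifetime"],
            "slaac_prefixes": [p for p, auto in ra["prefixes"] if auto],
        })
    return alerts


def _build_ra(src: str, prefix: str, prefix_len: int = 64, lifetime: int = 1800) -> bytes:
    """Constructed sample frame (not a capture): IPv6 header, RA, one Prefix
    Information option with L and A flags set. Checksum left at 0."""
    opt = (struct.pack("!BBBB", PREFIX_INFO_OPTION, 4, prefix_len, 0xC0)
           + struct.pack("!III", 86400, 14400, 0)
           + ipaddress.IPv6Address(prefix).packed)
    icmp = struct.pack("!BBHBBHII", ROUTER_ADVERTISEMENT, 0, 0, 64, 0, lifetime, 0, 0) + opt
    hdr = (struct.pack("!IHBB", 6 << 28, len(icmp), ICMPV6_NEXT_HEADER, 255)
           + ipaddress.IPv6Address(src).packed + ALL_NODES.packed)
    return hdr + icmp


def _build_echo_request(src: str) -> bytes:
    """Constructed non-RA ICMPv6 frame (echo request); must be ignored."""
    icmp = struct.pack("!BBHHH", 128, 0, 0, 1, 1)
    hdr = (struct.pack("!IHBB", 6 << 28, len(icmp), ICMPV6_NEXT_HEADER, 64)
           + ipaddress.IPv6Address(src).packed + ALL_NODES.packed)
    return hdr + icmp


# Constructed sample traffic: the registered router fe80::1, an echo request,
# and an RA from fe80::2, which nobody has registered as a router on this LAN.
SAMPLE_FRAMES = [
    _build_ra("fe80::1", "2001:db8:1::"),
    _build_echo_request("fe80::1"),
    _build_ra("fe80::2", "2001:db8:ffff::"),
]

if __name__ == "__main__":
    for alert in inspect_frames(SAMPLE_FRAMES, known_routers={"fe80::1"}):
        print("unexpected Router Advertisement:", alert)
```

Run against the constructed frames with `{"fe80::1"}` as the allowlist, the script reports only the advertisement from fe80::2, together with the prefix it offers for autoconfiguration. Passive detection of this kind is a monitoring control; the network-side mitigation is to have switches drop advertisements on non-router ports (RA Guard, RFC 6105), and on the host side to treat an unexpected new IPv6 default route as an incident rather than a curiosity.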