ALPACA: TLS Servers at Risk from a New Attack

There are many threats on the Internet that can put our security at risk. Hackers can use a variety of attacks that, in one way or another, let them steal information or passwords, or simply degrade a computer's performance. In this article we report on ALPACA, a new attack discovered by a group of security researchers and based on the Man in the Middle technique. We explain what it consists of.

ALPACA, a new attack against TLS servers

Man in the Middle attacks allow an attacker to interfere with a connection. The attacker can read the information that is sent or received, leak data or even modify it. For example, a user connects to a public Wi-Fi network in a shopping center and sends information in plain text; a hacker on that network may be collecting the data that is sent and received.

Now, there are different types of attacks. On this occasion, a group of German security researchers has discovered a new method called ALPACA. Its target is servers that use TLS, the Internet standard in charge of securing communications between servers and clients.

With this method, an attacker redirects web traffic from one subdomain to another. The result is a valid TLS session, but the browser's HTTPS requests end up redirected.

The name ALPACA comes from Application Layer Protocol Confusion – Analyzing and mitigating Cracks in TLS Authentication. The researchers have shown that an attacker could redirect HTTPS requests from the victim’s web browser to SMTP, IMAP, POP3, and FTP servers. The attacker could extract session cookies and private information, as can happen in attacks of this type, and could even execute arbitrary JavaScript, circumventing TLS and bypassing web security.
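As an added example (not from the researchers or the original article): the redirect only yields a valid TLS session if the mail or FTP server's certificate is also valid for the web hostname, so a defender can audit an inventory of TLS services for that overlap. The hostnames, ports and certificate names below are constructed sample data, and the function names are hypothetical.

```python
# Added example: audit a service inventory for certificates shared between
# HTTPS hosts and SMTP/IMAP/POP3/FTP services. All data below is constructed.

NON_HTTP = {"smtp", "imap", "pop3", "ftp"}  # protocols named in the article


def san_matches(pattern: str, hostname: str) -> bool:
    """Match a certificate name against a hostname (single-label wildcard only)."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == hostname
    # "*.example.test" covers "www.example.test", but neither "example.test"
    # nor "a.b.example.test".
    head, _, rest = hostname.partition(".")
    return bool(head) and rest == pattern[2:]


def find_overlaps(services):
    """Return (web_host, other_host, port, protocol) for every non-HTTP TLS
    service whose certificate would also validate for an HTTPS hostname."""
    web_hosts = sorted({s["host"] for s in services if s["protocol"] == "https"})
    findings = []
    for svc in services:
        if svc["protocol"] not in NON_HTTP:
            continue
        for web in web_hosts:
            if any(san_matches(san, web) for san in svc["sans"]):
                findings.append((web, svc["host"], svc["port"], svc["protocol"]))
    return findings


# Constructed inventory: one web server and three other TLS services.
SAMPLE = [
    {"host": "www.example.test", "port": 443, "protocol": "https",
     "sans": ["*.example.test"]},
    {"host": "mail.example.test", "port": 465, "protocol": "smtp",
     "sans": ["*.example.test"]},                      # shares the wildcard
    {"host": "ftp.example.test", "port": 990, "protocol": "ftp",
     "sans": ["ftp.example.test"]},                    # dedicated certificate
    {"host": "imap.example.test", "port": 993, "protocol": "imap",
     "sans": ["imap.example.test", "www.example.test"]},  # multi-name cert
]

if __name__ == "__main__":
    for web, host, port, proto in find_overlaps(SAMPLE):
        print(f"{proto.upper()} {host}:{port} presents a certificate valid for {web}")
```

Services flagged by the audit are candidates for a dedicated certificate that does not cover any web hostname.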

Many web servers can be vulnerable

An important fact is that the researchers found 1.4 million web servers that could be vulnerable to these cross-protocol attacks. An attacker could therefore carry out an ALPACA attack against them with the aim of confusing the TLS application data.

Although the security researchers say it is difficult to pinpoint exactly who could be vulnerable, they indicate that, because the flaw lies in the TLS authentication of servers, anyone using it could be considerably exposed. However, they also state that, for practical purposes, this vulnerability can only be exploited in certain circumstances.

A fundamental requirement for carrying out this attack is an active Man in the Middle attacker, who must intercept and modify the data sent from the victim’s browser to the web server. This could happen especially on a local network.

To avoid this type of problem, as well as any other that may arise, it is essential that users run the latest versions of their browser and of any program that connects to the network. Any vulnerability that appears should always be patched.