Oh Great, A Terrapin Broke SSH
A New Exploit For The Man In The Middle To Use
Terrapin is the name given to a new exploit, one which can break the security of SSH network traffic in certain conditions. The first condition is that an attacker must already have successfully set up a man in the middle attack so that they can monitor traffic. While certainly an awful thing to have happen, up until now it was believed that encrypted SSH traffic could not be modified nor usefully intercepted. With Terrapin, it is possible to exploit weaknesses in two specific algorithms commonly used by SSH, specifically ChaCha20-Poly1305 and CBC-EtM.
The new attack is able to mess with the incremental counter that ensures what is coming over SSH was what was sent. So far researchers have come up with two ways that could be taken advantage of. The first is to break extensions with prevent keystroke timing attacks, as there are disturbingly accurate ways to determine what words are being typed simply by knowing the length of time between key presses. The second is a way to force your SSH client to send and accept SHA1 traffic instead of SHA2, which is something of a nightmare nowadays.
If you head over to Ars Technica you can get technical details about Terrapin, and what we know about it so far.
The rogue extension negotiation attack targets an AsyncSSH client connecting to any SSH server sending an extension info message. The attack exploits an implementation flaw in the AsyncSSH implementation to inject an extension info message chosen by the attacker and delete the original extension info message, effectively replacing it.
More Tech News From Around The Web
- Wireless TVs use built-in cameras, NFC readers to sell you stuff you see on TV @ Ars Technica
- Sirius XM Is Sued by NY Over ‘Frustrating’ Cancellation Process @ Slashdot
- Google fixes 8th Chrome zero-day exploited in attacks this year @ Bleeping Computer
- Google coughs up $700M in Play Store antitrust suit @ The Register
- UK Officials Caught Napping Ahead of 2G and 3G Doomsday @ Slashdot
- Doom is 30, and so is Windows NT. How far we haven’t come @ The Register
- Microsoft fixes Wi-Fi issues triggered by recent Windows updates @ Bleeping Computer
- Elgato Facecam Pro Webcam @ Tweaktown
- Christmas 2023 Mega Joint Worldwide Giveaway @ NikKTech
of all things to corrupt it has to be the reputation of a terrapin? shame on you