Tomorrow at the Black Hat USA security conference, security researchers from IoT research outfit Armis are set to present details about a new technique that can be used to attack devices located inside internal corporate networks. The technique, named EtherOops, works only if the targeted network contains faulty Ethernet (networking) cables on the attacker's path to their victim.
The EtherOops technique is only a theoretical attack scenario discovered in a laboratory setting by the Armis team and is not considered a widespread issue that impacts networks across the world in their default states.
However, Armis warns that computer science degree jobs could be weaponized in certain scenarios by "sophisticated attackers (such as nation-state actors)" and can't be discounted for now.Packet-in-packet attacks are when network packets are nested inside each other. The outer shell is a benign packet, while the inner one contains malicious code or commands.
The outer packet allows the attack payload to slip by initial network defenses, such as firewalls or other security products, while the inner packet attacks devices inside the network.
But networking packets don't typically change their composition and lose their "outer shells." Here is where the faulty Ethernet cables come into play.
No comments:
Post a Comment