More and more threats are emerging on the web that could put our security at risk. Hackers are capable of carrying out multiple types of attacks that in one way or another manage to steal our information, passwords, or simply degrade the performance of the device. Today we will get to know ALPACA, not the animal, but an attack that uses the Man In the Middle technique.
Man in the Middle attacks (as the name says: a man in the middle) consist of interfering with a connection in order to read the information being sent, inject data, or even modify it. For example, we could consider a public Wi-Fi network that we connect to while someone is collecting the information we transmit.
On this occasion, a group of researchers has discovered a new method called ALPACA. The goal is to exploit TLS servers, which are responsible for securing communications between servers and clients. With this method an attacker is able to redirect web traffic from one subdomain to another. The result is a TLS session that is still valid, while the browser's HTTPS requests are being delivered to a different server.
The researchers have demonstrated that an attacker could redirect the requests we make from the web browser to different servers, which could extract cookies or private information. It could even execute arbitrary JavaScript and thus bypass TLS and circumvent web security.
The important figure is that approximately 1.4 million servers were found that could be vulnerable across protocols, although the researchers point out that it is difficult to say exactly who might be vulnerable, since anyone using it could be considered vulnerable. Nevertheless, they also state that in practical terms this vulnerability can only be exploited under certain circumstances.
For this attack to work, an active Man in the Middle attacker is required. It is necessary to intercept and modify communications, something that is much more likely on a local network.
To avoid this type of problem, the recommendation is that users keep the latest versions of their browser and of any program that uses network functions. Any vulnerability that may appear should always be patched.
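Beyond keeping clients updated, the server-side countermeasure the ALPACA researchers recommend is strict SNI and ALPN checking: an HTTPS server refuses any handshake that names a host it does not serve or that does not offer an HTTP protocol, so a connection redirected from another TLS service is dropped before any data is exchanged. The following Go example is added here and is not code from the original article or from the ALPACA researchers; the hostname www.example.com and the allowed protocol list are constructed sample values.

```go
package main

import (
	"crypto/tls"
	"errors"
	"fmt"
	"strings"
)

// Hostnames this HTTPS server is actually meant to serve (constructed sample value).
var allowedHosts = map[string]bool{"www.example.com": true}

// ALPN protocols an HTTPS server should accept. Anything else, or no ALPN at
// all, may be a client whose connection was redirected from another TLS service.
var allowedALPN = map[string]bool{"http/1.1": true, "h2": true}

// checkClientHello applies strict SNI and ALPN checks to the values a client
// sends in its ClientHello. It returns nil only when the client named this host
// and offered an HTTP protocol.
func checkClientHello(serverName string, alpn []string) error {
	host := strings.ToLower(strings.TrimSuffix(serverName, "."))
	if host == "" {
		return errors.New("strict SNI: client sent no server name")
	}
	if !allowedHosts[host] {
		return fmt.Errorf("strict SNI: %q is not served here", host)
	}
	if len(alpn) == 0 {
		return errors.New("strict ALPN: client offered no protocol")
	}
	for _, p := range alpn {
		if allowedALPN[p] {
			return nil
		}
	}
	return fmt.Errorf("strict ALPN: none of %v is an HTTP protocol", alpn)
}

// strictTLSConfig wires the check into crypto/tls: when GetConfigForClient
// returns an error the server aborts the handshake.
func strictTLSConfig(cert tls.Certificate) *tls.Config {
	return &tls.Config{
		Certificates: []tls.Certificate{cert},
		NextProtos:   []string{"h2", "http/1.1"},
		MinVersion:   tls.VersionTLS12,
		GetConfigForClient: func(hello *tls.ClientHelloInfo) (*tls.Config, error) {
			return nil, checkClientHello(hello.ServerName, hello.SupportedProtos)
		},
	}
}

func main() {
	fmt.Println(checkClientHello("www.example.com", []string{"h2", "http/1.1"})) // <nil>
	fmt.Println(checkClientHello("ftp.example.com", []string{"ftp"}))             // rejected
}
```

Pass the returned config to tls.Listen or http.Server.TLSConfig; the hostname and protocol lists are the only parts that need adapting for a real deployment.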
