Network Time Protocol is a widely used specification by computers to ensure their internal clocks are accurate. However the connections between computers and NTP servers are not encrypted. This leaves it vulnerable to Man In The Middle Attacks,where an attacker can intercept the communication and change it according to their wish.

Vulnerability In NTP


This serious weaknesses in the Internet's time-synchronization can be used to change the actual time in computers,to whatever time the attacker chooses.  These attacks could be used by malicious actors to wreak havoc on the Internet. An attack that prevents sensitive computers and servers from receiving regular time-synchronization updates could cause malfunctions on a mass scale. In many cases, such denial-of-service hacks can be carried out even when attackers are "off-path,

Effects Of This Vulnerability.


This vulnerability,if properly exploited, can cause debilitating outages, snoop on encrypted communications, bypass important security measures such as DNSSEC specification preventing the tampering of domain name system records,etc The most troubling scenario involves bypassing HTTPS encryption by forcing a computer to accept an expired transport layer security certificate.

However it's not clear how practical some of the attacks would be in real-world settings. While it's possible to use symmetric encryption to cryptographically authenticate an NTP service, keys are difficult to acquire.

More details can be obtained from the research paper at http://www.cs.bu.edu/~goldbe/papers/NTPattack.pdf

Sources:

http://www.pentester.es/2015/10/delorean.html,

http://www.cs.bu.edu/~goldbe/NTPattack.html ,

http://arstechnica.com/security/2015/10/new-attacks-on-network-time-protocol-can-defeat-https-and-create-chaos/ 

Post a Comment

 
Top