Multiple TCP/IP stack flaws could leave millions of devices open to attack
Credit:
IT Pro
Security researchers have discovered vulnerabilities in multiple TCP/IP stacks that affect millions of internet-connected devices and could enable hackers to hijack them.
Researchers at Forescout, a cyber security firm, have uncovered nine exploits, dubbed “Number:jack,“ in multiple TCP/IP stacks that improperly generate Initial Sequence Numbers (ISNs) within TCP connections. This meant the flaws left devices’ TCP connections open to attacks. ISNs ensure that every TCP connection between two devices is unique and that there are no collisions so that third parties cannot interfere with an ongoing connection.
The stacks are susceptible to the so-called “Mitnick attack,” named after legendary computer hacker Kevin Mitnick.