NTP Servers Exposed to Long-Distance Wireless Attacks

Captain Awesome

Level 23
Thread author
Verified
Top Poster
Well-known
May 7, 2016
1,292
AMSTERDAM - HACK IN THE BOX - Researchers have demonstrated that remote attackers can wirelessly change the time on network time protocol (NTP) servers over long distances using inexpensive devices.

NTP is a networking protocol utilized to synchronize time between computer systems. NTP uses a hierarchical system of time sources where the first level (stratum 0) is represented by reference clocks, such as atomic, GPS and radio clocks (JJY, WWVB, DCF77 and WWVH). The computers on the other levels (stratum 1, stratum 2, etc.) are synchronized with the previous stratum and also with devices on the same stratum for sanity checks, stability and robustness.

NTP servers can be used by organizations to synchronize the time on devices within their network, but they also play an important role in industrial and power generation networks.

Shifting time on an NTP server can have serious consequences — it allows attackers not only to damage or disrupt systems, but also to authenticate to services using expired credentials, bypass HTTP STS and certificate pinning, and cause TLS clients to accept revoked or expired certificates.

In a presentation at the Hack in the Box (HITB) conference this week, Yuwei Zheng and Haoqi Shan of China-based security firm Qihoo360 showed how a remote attacker can shift time on a stratum 1 NTP server by wirelessly sending it forged radio time signals.
Read Full:NTP Servers Exposed to Long-Distance Wireless Attacks | SecurityWeek.Com
 
  • Like
Reactions: Jrs30

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top