Off-Path TCP Exploit Allows Attackers to Steal Data via Unencrypted Connections

[Bot]

All Wi-Fi routers are vulnerable to an off-path TCP exploit which would allow attackers to steal data transmitted via HTTP over a wireless connection using web cache poisoning on the latest versions of all major operating systems (Windows, macOS, and Linux).

As discovered by Associate Professor Zhiyun Qian and doctoral student Weiteng Chen from UCR, the exploit takes advantage of the interaction between TCP and Wi-Fi, and it makes it possible for crooks to steal login credentials, as well as inject tampered data.

There is no apparent fix for this issue at the moment given that it's based on the mechanisms used by the Wi-Fi and TCP protocols to exchange information.

To exploit this vulnerability, attackers can intercept the communication between your router and your computer and send a malicious payload which will look exactly like the real thing when it reaches your web bro... (read more)

Read more: Off-Path TCP Exploit Allows Attackers to Steal Data via Unencrypted Connections