Cross-Router Covert Channels
Many organizations protect secure networked devices from non-secure networked
devices by assigning each class of devices to a different logical network.
These two logical networks, commonly called the host network and the guest
network, use the same router hardware, which is designed to isolate the two
networks in software.
In this work we show that logical network isolation based on host and guest
networks can be overcome by the use of cross-router covert channels. Using
specially-crafted network traffic, these channels make it possible to leak data
between the host network and the guest network, and vice versa, through the use
of the router as a shared medium. We performed a survey of routers representing
multiple vendors and price points, and discovered that all of the routers we
surveyed are vulnerable to at least one class of covert channel. Our attack can
succeed even if the attacker has very limited permissions on the infected
device, and even an iframe hosting malicious JavaScript code can be used for
this purpose. We provide several metrics for the effectiveness of such
channels, based on their pervasiveness, rate and covertness, and discuss
possible ways of identifying and preventing these leakages.

Comment: Presented at WOOT 2019 - https://orenlab.sise.bgu.ac.il/p/CrossRoute