Bit-squatting - a fresh threat to owners of popular domains
Forget phishing, forget cybersquatting, forget type squatting, for all owners of popular domains there is now something new, a new threat to worry about - bit-squatting.
Such a conclusion was made by Artem Dinaburg, who will deliver his report on the new research at the Black Hat and DEF CON conferences, which are currently underway in Las Vegas (Black Hat has already completed, approx. Transl.)
Defective hardware in Internet servers can turn into a whole new category of type-squatting attacks that companies may already be concerned about that already suffer from problems with domain names.
According to a short summary of the Dinaburg report , RAM chips can sometimes cause special malfunctions due to overheating or radiation, which leads to a “bit turn” when 1 turns into 0 and vice versa.
Because DNS uses ASCII, a request containing one inverted bit can return a completely different name to the user.
To test his theory, Dinaburg registered several domain names like mic2osoft.com. Although outwardly it does not look like a typo, nevertheless, in binary form, the difference between it and the original is only one bit.
The binary ASCII code for the number 2 is 00110010, and for the letter 'r' in lower case - 01110010.
Full binary line for “microsoft”:
and the same for mic2osoft (the different bit is bold):
Thus, if this single bit accidentally “turned over” in the faulty chip, the user already sends the data to the squatter bit, and not to Microsoft.
Of course, it is worth noting that this applies only to domains with huge traffic, only in this case there is a possibility that such cases will occur with sufficient frequency.
But Dinaburg believes that this is serious enough to draw attention to the problem. He wrote :
At the presentation, he also plans to discuss possible solutions to the problem, both software and hardware. (doesn’t parity memory solve the problem? approx. transl.)
Because Black Hat has already been completed, then maybe there are those among the masters who were at the conference and listened to the report? Share information. At DEF CON, Artem’s talk is scheduled for August 7th.
UPD: Thank you all for a good share of healthy skepticism, for criticism and comments. Something similar I expected to see, in general. Most of the thoughts expressed in the comments coincide with my first thoughts after reading the announcement of Artem's speech. But I want to believe that this topic is not as simple as it seems at first glance (the commission of the aforementioned conferences has never yet discredited itself in the choice of reports), I promise to follow the information and publish a continuation (if I can by that moment, of course -) , my opportunities are only rapidly melting).
Such a conclusion was made by Artem Dinaburg, who will deliver his report on the new research at the Black Hat and DEF CON conferences, which are currently underway in Las Vegas (Black Hat has already completed, approx. Transl.)
Defective hardware in Internet servers can turn into a whole new category of type-squatting attacks that companies may already be concerned about that already suffer from problems with domain names.
According to a short summary of the Dinaburg report , RAM chips can sometimes cause special malfunctions due to overheating or radiation, which leads to a “bit turn” when 1 turns into 0 and vice versa.
Because DNS uses ASCII, a request containing one inverted bit can return a completely different name to the user.
To test his theory, Dinaburg registered several domain names like mic2osoft.com. Although outwardly it does not look like a typo, nevertheless, in binary form, the difference between it and the original is only one bit.
The binary ASCII code for the number 2 is 00110010, and for the letter 'r' in lower case - 01110010.
Full binary line for “microsoft”:
011011010110100101100011011100100110111101110011011011110110011001110100
and the same for mic2osoft (the different bit is bold):
0110110101101001011000110 0 1100100110111101110011011011110110011001110100
Thus, if this single bit accidentally “turned over” in the faulty chip, the user already sends the data to the squatter bit, and not to Microsoft.
Of course, it is worth noting that this applies only to domains with huge traffic, only in this case there is a possibility that such cases will occur with sufficient frequency.
But Dinaburg believes that this is serious enough to draw attention to the problem. He wrote :
To confirm the seriousness of the threat, I registered several domains on the basis of bit-squatting and recorded all HTTP requests and DNS traffic. The results were quite shocking and surprising, from mis-routed DNS queries to requests for Windows updates.
...
I hope to convince the audience that bit-squatting and other attacks caused by errors with “inverted” bits are quite feasible in practice and quite serious, the problem should be paid attention to the hardware and software manufacturers.
At the presentation, he also plans to discuss possible solutions to the problem, both software and hardware. (doesn’t parity memory solve the problem? approx. transl.)
Because Black Hat has already been completed, then maybe there are those among the masters who were at the conference and listened to the report? Share information. At DEF CON, Artem’s talk is scheduled for August 7th.
UPD: Thank you all for a good share of healthy skepticism, for criticism and comments. Something similar I expected to see, in general. Most of the thoughts expressed in the comments coincide with my first thoughts after reading the announcement of Artem's speech. But I want to believe that this topic is not as simple as it seems at first glance (the commission of the aforementioned conferences has never yet discredited itself in the choice of reports), I promise to follow the information and publish a continuation (if I can by that moment, of course -) , my opportunities are only rapidly melting).
')
Source: https://habr.com/ru/post/125744/
All Articles