NAT Slipstreaming 2.0 Exposes Devices on Internal Networks to Remote Attacks

A newly devised variant of the NAT Slipstreaming attack can be leveraged to compromise any device on the local network, according to researchers at enterprise IoT security firm Armis.


Detailed in late October 2020, the NAT Slipstreaming attack relies on tricking the victim into accessing a specially crafted website and exploits the browser on the device, along with the Application Level Gateway (ALG), a connection tracking mechanism found in Network Address Translation (NAT) devices, firewalls, and routers.


The attack was meant to bypass existing browser-based port restrictions and allow the attacker to remotely access TCP/UDP services on the victim’s device, even if it was protected by a firewall or NAT.


In a research paper published on Tuesday, Armis security researchers detailed a variant of the attack, dubbed NAT Slipstreaming 2.0, that can bypass mitigations for NAT Slipstreaming and also expands the attacker’s reach, allowing them to create paths to any device on the internal network.


“This puts embedded, unmanaged, devices at greater risk, by allowing attackers to expose devices located on internal networks, directly to the Internet,” the security researchers note.


They underline that unmanaged devices are at greater risk, as they often lack security capabilities, require little-to-no authentication for data access, and may be impacted by vulnerabilities that have been publicly disclosed but remain unpatched.


Such devices may include printers exposed through the default printing protocol, industrial controllers using unauthenticated protocols, and IP cameras that have an internal web server secured with default credentials.


In this context, Armis says, the NAT Slipstreaming attack is no longer just a nuisance, as it can b ..
