Shocking discovery in the world of browsers: a backdoor that has been exploited for 18 years
Hackers able to access private networks via backdoors in major web browsers
A vulnerability in browsers has been discovered after 18 years, allowing hackers to access private networks via the IP 0.0.0.0. Apple, Google and Mozilla are responding with security measures. The risk involves sensitive data on private and development servers.
A recent study released Wednesday revealed that for 18 years, major browsers have had a backdoor that allowed hackers to access the private networks of homes and businesses. Apple, Google and Mozilla took immediate action to resolve this serious vulnerability. The issue concerns the handling of requests to the IP address 0.0.0.0 by browsers such as Chrome, Safari and Firefox. These browsers take requests to that address and redirect them to other IPs, including "localhost", which is usually a server on a private network used for testing code. Israeli cybersecurity startup Oligo found that hackers exploited this loophole by sending malicious requests to IP 0.0.0.0 to access sensitive data.
The mechanism of the "0.0.0.0-Day" attack
A typical attack involves the attacker tricking the victim into visiting a seemingly harmless website, but actually sending malicious requests to access files via 0.0.0.0. This information may include developer data and internal communications. The most critical aspect of the “0.0.0.0-day” attack is that it allows the hacker to penetrate the victim's private network, opening up multiple attack vectors. This type of attack can affect both individuals and companies hosting web servers, putting a significant number of vulnerable systems at risk. The researchers also found that it is possible to run malicious code on a server using the Ray AI framework, used to train artificial intelligence models by companies such as Amazon and Intel.
Reactions from big tech companies
Attacks exploiting this vulnerability have already been documented. For example, in June of this year, Google security developer David Adrian reported several incidents of malware that exploited the 0.0.0.0 IP address to attack development tools. Fortunately, Windows systems are not vulnerable thanks to the 0.0.0.0 IP blocking implemented by Microsoft. Apple has announced that it will block all requests to the 0.0.0.0 IP address in the upcoming macOS 15 Sequoia beta, aiming to improve the security of the operating system. Google also plans to introduce a similar block, although there are no official comments on the matter yet.
Implications and future prospects
Mozilla, creator of Firefox, has for the moment avoided adopting a similar measure, citing potential compatibility problems, since some servers use the 0.0.0.0 address instead of localhost and blocking it could cause disruptions. These incidents highlight how cybersecurity and personal data protection are increasingly becoming a priority for large technology companies. The researchers insist that the risk associated with open access to IP 0.0.0.0 is significant, as it allows access to data that should be protected. The results of this research will be presented at the DEF CON conference in Las Vegas, scheduled for this weekend.
Follow us on Telegram for more pills like this08/08/2024 14:11
Marco Verro