Armis experts will present their EtherOops attack at the Black Hat USA conference. The attack exploits Ethernet cabling problems and can be used to bypass network defenses, as well as to attack devices inside closed corporate networks.
Essentially, an EtherOops attack relies on faulty Ethernet cables located in the path from the attacker to the victim. Experts are confident that, due to the special conditions required for the attack, EtherOops is unlikely to become a massive problem that threatens companies around the world. Nevertheless, the attack is still feasible in practice, which means that it can be used in certain scenarios, and it cannot be completely discounted either.
EtherOops is a variation on a packet-in-packet attack. In this type of attack, packets are nested within each other: the outer shell is a harmless packet, while the inner content is malicious code or a command. The outer packet hides the payload from firewalls, while the inner packet is designed to attack devices inside the network.
Armis researchers say EtherOops can take the packet-in-packet attack to the next level. Faulty cables (which malfunction because of incorrect wiring or deliberately created interference) suffer from bit flips, which gradually destroy the outer shell and leave only the inner payload.
Thus, the EtherOops attack can be used to penetrate companies' networks from the Internet, to penetrate internal networks from the DMZ segment, and to move laterally between different segments of internal networks.
Armis experts admit that the EtherOops attack is difficult to implement and requires a number of special conditions. For example, faulty cables must be present at key positions within the target network. In most scenarios, an attacker would most likely need to lure a user to a malicious site in order to obtain a direct connection to the victim within the corporate network to deliver payloads. In addition, bit flips are not very common, which means that the attacker has to bombard the target network with many packets in the hope of a successful bit flip, and the percentage of successful attacks will be extremely small.
"Complicated? Yes, but not impossible," the experts summarize.
The easiest way to defend against EtherOops is to use shielded Ethernet cables or security solutions that can detect packet-in-packet attacks.
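As an illustration of what detecting a packet-in-packet payload can look like, the following added example (not code from Armis or from the original article) scans a packet payload for a byte run that would parse as a complete Ethernet frame on its own. It assumes the nested frame is introduced by the byte-level preamble and start-frame delimiter and ends in a valid CRC-32 frame check sequence; physical-layer encodings differ by link type, so this is a heuristic, and the function names and sample data are constructed for the example.

```python
import struct
import zlib

# Byte-level preamble (7 x 0x55) plus start-frame delimiter (0xD5).
# Assumption: the nested frame is introduced by this marker.
PREAMBLE_SFD = bytes([0x55] * 7 + [0xD5])
MIN_FRAME = 64  # minimum Ethernet frame size, 4-byte FCS included


def fcs(frame: bytes) -> bytes:
    """Ethernet frame check sequence: CRC-32, least-significant byte first."""
    return struct.pack("<I", zlib.crc32(frame))


def find_embedded_frames(payload: bytes) -> list:
    """Return (offset, length) for each run after a preamble/SFD marker
    that ends in a valid FCS, i.e. would parse as a frame on its own."""
    hits = []
    start = payload.find(PREAMBLE_SFD)
    while start != -1:
        body = start + len(PREAMBLE_SFD)
        data_end = body + MIN_FRAME - 4
        crc = zlib.crc32(payload[body:data_end])
        # Extend the candidate one byte at a time, updating the CRC incrementally.
        while data_end + 4 <= len(payload):
            if struct.pack("<I", crc) == payload[data_end:data_end + 4]:
                hits.append((body, data_end + 4 - body))
                break
            crc = zlib.crc32(payload[data_end:data_end + 1], crc)
            data_end += 1
        start = payload.find(PREAMBLE_SFD, start + 1)
    return hits


def sample_payloads():
    """Constructed data: a payload carrying a whole frame, and a benign one
    that contains the marker bytes but no valid FCS after them."""
    inner = bytes.fromhex("020000000001" "020000000002" "0800") + b"\x00" * 46
    nested = b"A" * 20 + PREAMBLE_SFD + inner + fcs(inner) + b"B" * 10
    benign = b"A" * 20 + PREAMBLE_SFD + b"\x00" * 100
    return nested, benign


if __name__ == "__main__":
    nested, benign = sample_payloads()
    print("nested:", find_embedded_frames(nested))
    print("benign:", find_embedded_frames(benign))
```

Requiring a valid FCS after the marker keeps payloads that merely contain long runs of 0x55 from being flagged.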
Videos showing the attack in practice can be seen below.