Latest news about Bitcoin and all cryptocurrencies. Your daily crypto news habit.
Youâve probably heard of Internet Protocol Security (IPsec) referred to by many as one of the most secure data encryption methods.
Itâs comprised of several security protocols that send data packets over IP networks in ways that make them hidden and inaccessible to third parties.
But recent research warns even IPsec has its flaws.
Hackers Could Decrypt IPsec Information
Ordinarily, IPsec ensures cryptographically secured communications when people use insecure and publicly accessible portals, such as when browsing the internet.
However, a team of researchers discovered numerous security vulnerabilities related to an internet key exchange protocol called âIKEv1.â IPsec maintains encrypted connections between two parties when both of them define and exchange shared keys during communications.
While investigating the matter, the team successfully orchestrated something called a âBleichenbacherâs Attack.â It was invented in 2008 and involves purposefully filling an encoded message with errors and then repeatedly sending that content to a server.
A hacker can then study the serverâs replies and gain increasingly accurate intelligence about the contents of encrypted information. Eventually, the infiltrator gets enough information to falsely assume the identity of one of the communicating parties and steal data.
The researchers realized this issue affected hardware manufactured by Clavister, Zyxel, Cisco, and Huawei, and promptly contacted the four companies. All have since fixed the issue, and Zyxel posted content about the problem in the support section of their website and encouraged customers to update their firmware.
To clarify, this vulnerability is not a bug, but it relates to how manufacturers implement the IPsec protocol in their devices.
As such, itâs an implementation error that could be avoided. Itâs also notable that infiltrators have to enter the network before successfully taking advantage of the now-repaired vulnerability.
Password-Related Problems Exist, Too
Further research performed by the scientists indicate there are also security flaws with another internet key exchange protocol called âIKEv2.â Numerous differences exist between IKEv1 and IKEv2. The latter is the more recent of the two. Despite IKEv1 being considered obsolete, itâs still popular and even used on newer devices.
The first phase of the cybersecurity expertsâ research involved using IPsecâs logon-based encryption mode.
However, they decided to also check for vulnerabilities associated with password-based logins for both the IKEv1 and IKEv2 protocols. Password authentication requires hash values, which are similar to fingerprints.
When a user enters a password, it is hashed and compared with stored hash values. If they match, the person gets access. However, research carried out not long ago by the same team that uncovered the first vulnerability found the IKEv1 and IKEv2 protocols are easy to hack, primarily when people use weak passwords.
The findings of their research compelled researchers to suggest that when people use IPsec through password-based logins, they should only choose extremely complex passwords.
Making Your Password Stronger
If you need help with creating better passwords, use a combination of upper and lowercase letters, plus numbers and special characters. Also, avoid using words found in the dictionary, petsâ names, or numbers that make up your birthdate, anniversary, or other information easily found through social media or other means.
For further details on the password vulnerability, consider reading a detailed post about it on the researchersâ blog.
After getting knowledge of the issue, the group reached out to the Computer Emergency Response Team (CERT). That organization coordinated responses and assisted with contacting more than 250 parties once the researchers made their findings available to the tech industry at large.
Why Are These Revelations So Important?
IPsec is commonly depended on while building virtual private networks (VPNs). Many people use those to consume content thatâs not available in their geographic regions.
But, more importantly, users frequently employ VPN tools or other resources that allow offsite access while working remotely or traveling for business purposes.
By viewing work-related content through VPNs while accessing public internet portals, they can theoretically keep sensitive data secure. The problems found by the researchers could make data unsecured in some instances, though.
Even Long-Standing Protocols Arenât Perfect
This team of cybersecurity specialists proved that although IPsec is a long-standing way to secure internet-based communications via cryptography, itâs not without possible failures.
As such, the ongoing research of proactive and inquisitive internet security experts will continue to have value, since new knowledge highlights previously unknown weaknesses.
Image by Negative Space
Security Gaps Found in IPsec was originally published in Hacker Noon on Medium, where people are continuing the conversation by highlighting and responding to this story.
Disclaimer
The views and opinions expressed in this article are solely those of the authors and do not reflect the views of Bitcoin Insider. Every investment and trading move involves risk - this is especially true for cryptocurrencies given their volatility. We strongly advise our readers to conduct their own research when making a decision.