This post is also available in: heעברית (Hebrew)

A significant security breach has been discovered in the DNS protocol, by Israeli students from the Technion’s Department of Computer Sciences. As a result the algorithm will be replaced in the next version of the protocol.

13931459_m featureThe vulnerability, discovered by the Technion students, allows attackers to draw users browsing the web to a fake website with the same name, which might look completely identical to the original. DNS is the most common internet protocol, responsible for navigating between global servers based on website addresses. In addition, the DNS protocol is also utilized by e-mail servers.

Since this protocol is responsible for leading users to the site they wanted to see, any breach of the protocol can lead them to alternate sites, instead,” this according to Alon Goldfiz, senior systems engineer at Fortinet. “The Technion students found a breach in the protocol, which allows attackers to send DNS servers wrong information, effectively redirecting users to the wrong site. In this way attackers can steal personal details from users. Take, for example, a situation where a private user wants to reach his banking website from the privacy of his own home. Falling prey to an attacker that’s abusing this latest vulnerability, the user will reach an alternate website that looks identical to the one he tried to reach. He’ll enter his user name, password and any other codes necessary – all falling into the hands of the creators of the fake website instead of reaching the real one.”

iHLS – Israel Homeland Security

It’s important to note that the discovery is based on research done in the Technion, rather than a concrete attack perpetrated by criminals. “Since this is a complex attack chances are hackers won’t use it. Still, it’s always important to protect yourself before entering important websites like banks, health clinics and so on, in addition to making online credit-card payments as secure as possible. The best means of defense is to verify the website’s digital signature. Any self-respecting website has a digital signature, you can check it using your browser and make sure it’s real,” concluded Goldfiz.