Feds Warn of New NTP Hack Endangering Infrastructure

Hot on the heels of accusations by the FBI that North Korea was behind the most devastating hack in U.S. history, the federal government has just issued an advisory warning that large swaths of critical industrial-control infrastructure could be vulnerable to yet another form of attack that takes advantage of the Network Time Protocol.

The danger lies in a weakness in NTP, the protocol widely used to synchronize server clocks across networks, which can be exploited by hackers to conduct remote attacks, according to a government advisory issued on Friday. Not only that, but hacker tools targeting the flaw are widely available.

Network Time Protocol

NTP is an open-source protocol widely used by networks considered to be critical IT infrastructure by the federal government. Hackers could use the vulnerability in order to execute code on a system with the privileges of the Network Time Protocol daemon (ntpd) process.

The problem resides in the way ntpd manages a stack buffer. In earlier versions of NTP, a remote attacker can send a carefully crafted packet that overflows the stack buffer and potentially allows malicious code to be executed with the privilege level of the ntpd process. All NTP4 releases before 4.2.8 are vulnerable. System administrators are advised to upgrade to NTP-stable 4.2.8, which was released on Friday. The vulnerability was discovered by Neel Mehta and Stephen Roettger, two researchers on the Google Security Team, who coordinated their efforts with the Department of Homeland Security.
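As an added administrator's check (not code from the article or the advisory): a short Python script that parses the version string printed by `ntpd --version` (the same string appears in the `version=` field of `ntpq -c rv`) and flags NTP4 builds older than 4.2.8, the threshold the advisory gives. The sample strings are constructed to match the format ntpd prints, not captured from a real host.

```python
import re
import shutil
import subprocess
from typing import Optional, Tuple

# First NTP4 release the advisory names as fixed: everything before it is vulnerable.
FIXED_VERSION = (4, 2, 8, 0)

# Matches "ntpd 4.2.6p5@1.2349-o ..." as printed by `ntpd --version` and inside the
# version="ntpd ..." field of `ntpq -c rv`; the "pN" patch level is optional.
_VERSION_RE = re.compile(r"ntpd\s+(\d+)\.(\d+)\.(\d+)(?:p(\d+))?")

def parse_ntpd_version(text: str) -> Optional[Tuple[int, int, int, int]]:
    """Return (major, minor, micro, patch), or None if no ntpd version is present."""
    m = _VERSION_RE.search(text)
    if m is None:
        return None
    major, minor, micro, patch = m.groups()
    return (int(major), int(minor), int(micro), int(patch or 0))

def is_vulnerable(text: str) -> Optional[bool]:
    """True for an NTP4 build older than 4.2.8, False for 4.2.8 or later,
    None when unparseable or not NTP4 (the advisory only covers NTP4 releases)."""
    v = parse_ntpd_version(text)
    if v is None or v[0] != 4:
        return None
    return v < FIXED_VERSION  # tuple comparison: 4.2.7p485 sorts before 4.2.8

# Constructed sample strings in the shape ntpd prints; not captured from a real host.
SAMPLES = {
    "ntpd 4.2.6p5@1.2349-o Fri Apr 13 12:52:28 UTC 2018 (1)": True,
    "ntpd 4.2.7p485@1.2483-o Thu Dec 18 10:00:00 UTC 2014 (1)": True,  # dev release
    'version="ntpd 4.2.8@1.3265-o Fri Dec 19 09:00:00 UTC 2014 (1)", processor="x86_64"': False,
    "ntpd 4.2.8p15@1.3728-o Wed Sep 23 11:46:38 UTC 2020 (1)": False,
    "xntp3-5.93e": None,  # NTP3, outside the advisory's scope
}

def check_local_ntpd() -> Optional[bool]:
    """Classify the ntpd installed on this host, or None if there is none on PATH."""
    ntpd = shutil.which("ntpd")
    if ntpd is None:
        return None
    out = subprocess.run([ntpd, "--version"], capture_output=True, text=True)
    return is_vulnerable(out.stdout + out.stderr)

if __name__ == "__main__":
    for text, expected in SAMPLES.items():
        print(f"{is_vulnerable(text)!s:>5} (expected {expected}) <- {text}")
    print("local ntpd:", check_local_ntpd())
```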

"Impact to individual organizations depends on many factors that are unique to each organization," according to the advisory published Friday by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), a group within the Department of Homeland Security responsible for coordinating responses to threats to critical infrastructure. "ICS-CERT recommends that organizations evaluate...
