New Ways of IPV6 Scanning

Presented at Black Hat Europe 2021, Nov. 10, 2021, 10:20 a.m. (40 minutes)

Nowadays, there are fewer and fewer IPv4 addresses, but IPv6 is popular because it has enough addresses. Assuming an attacker scans at a rate of 1 million hosts per second, it will take 500,000 years. So it seems that IPv6 is very secure, and the address scanning attack is invalid. But after thorough research, we found several vulnerabilities to scan or obtain IPV6 addresses effectively.

One of the vulnerabilities affects all Linux kernel devices! One affects all Android devices! So it looks like all iPhones, Android phones and smart devices like routers, Smart speakers, and even car entertainment systems are affected. Using these vulnerabilities, we can easily get those random IPv6 addresses, for example, we can get the IPv6 addresses of all devices in a city in one minute. And this kind of attack is universal. This will cause all clients to be directly accessed, just like all the devices in a big Intranet, so we can access the ADB debug port, web services, telnet...Compared with the servers on Internet, the port vulnerability of IOT devices in Intranet is more serious.

We will also introduce some other IPv6 security risks, hoping to draw your attention to IPv6 Security.


Presenters:

  • Xingru Wu - Security Researcher, Baidu
    Xingru Wu is a member of  Baidu Security Lab. She focuses on IoT security, vehicle security and penetration.
  • Jie Gao - Security Researcher, Baidu
    Jie Gao is a member of  Baidu Security Lab. He's good at reverse engineering and antivirus. Now he focuses on finding IoT vulnerabilities and Adobe Reader Fuzzing technology.
  • Shupeng Gao - Senior Security Researcher, Baidu
    Shupeng Gao is a member of the Baidu Security Lab. He is an expert on IoT security, AI security, penetration testing, etc. He has been invited to talk at multiple security conferences, such as Black Hat USA/Asia, DEF CON USA/Asia, BlueHat, GeekPwn, MoSec, etc.

Links:

Similar Presentations: