Localhost Detour from Public to Private Networks

Yehuda Afek, Anat Bremler-Barr, Dor Israeli and Alon Noy
The International Symposium on Cyber Security, Cryptology and Machine Learning (CSCML),
2023
Conferences & Workshops
Cybersecurity

Abstract

This paper presents a new localhost browser based vulnerability and corresponding attack that opens the door to new attacks on private networks and local devices. We show that this new vulnerability may put hundreds of millions of internet users and their IoT devices at risk. Following the attack presentation, we suggest three new protection mechanisms to mitigate this vulnerability.
This new attack bypasses recently suggested protection mechanisms designed to stop browser-based attacks on private devices and local applications.

Video

Prizes

July 18, 2023
Best Paper CSCML 2023

Supplemental Material

March 29, 2023
Technical Report

@inproceedings{Afek2023,
author = {Yehuda Afek and Anat Bremler-Barr and Dor Israeli and Alon Noy},
title = {Localhost Detour from Public to Private Networks},
booktitle = {Proceedings of The International Symposium on Cyber Security, Cryptology and Machine Learning (CSCML)},
year = {2023},
}