This paper presents a new localhost browser-based vulnerability and a corresponding attack that opens the door to new attacks on private networks and local devices. We show that this new vulnerability may put hundreds of millions of internet users and their IoT devices at risk. Following the attack presentation, we suggest three new protection mechanisms to mitigate this vulnerability.
This new attack bypasses recently suggested protection mechanisms designed to stop browser-based attacks on private devices and local applications.
@inproceedings{Afek2023,
author = {Yehuda Afek and Anat Bremler-Barr and Dor Israeli and Alon Noy},
title = {Localhost Detour from Public to Private Networks},
booktitle = {Proceedings of The International Symposium on Cyber Security, Cryptology and Machine Learning (CSCML)},
year = {2023},
}