“Today’s security software is ineffective against an emerging networking technology already in use by Apple for its Siri voice-recognition software, according to research presented at the Black Hat hacking conference this week,” Jeremy Kirk reports for IDG News Service.
“The technology, called Multipath TCP (MPTCP), is a souped-up sibling of TCP, a cornerstone Internet protocol for transferring data packets between computers. Cisco and Juniper have also put MPTCP in some of their equipment,” Kirk reports. “But while TCP can only use one connection path to send data, MPTCP can simultaneously use different connection paths, such as Wi-Fi and a mobile phone’s data connection, which results in better performance and resiliency.”
“MPTCP is still in its early days, and the Internet Engineering Task Force, which creates Internet technology standards, is still studying it. But because MPTCP is already backwards-compatible with TCP, it works, and Apple uses it for Siri,” Kirk reports. “The problem is that splitting data steams over different connection paths poses thorny issues for security technologies such as firewalls and deep packet inspection software, which are designed for regular TCP, said Catherine Pearce, a security consultant with Neohapsis.”
Much more in the full article here.
[Thanks to MacDailyNews Reader “James W.” for the heads up.]
Once again the word “Apple” is used to get attention, but the real big problem here is going to be with IOT (The Internet of Things). With your IP addressable toaster, refrigerator, and deluxe vibrator on your network bypassing your security to send info home to their creators about you, there will be issues.
Multipath TCP really speeds things up a great deal, so people are going to use it.
MPTCP makes is harder for network engineers to inspect the entire data. What the summary does not highlight is that the same concept makes it harder for people to eavesdrop on such conversation.
I had the same thoughts on reading this.
The story appears to be implying the exact opposite. It seems to be saying that your data is less protected because it’s using this newer tech. My reaction is that this multipath tech ought to be more difficult for hackers to access.
Not easier.
I think that what their worried about is that with multipath TCP they can’t block attempts to maybe upload malicious software or attacks.
Security features are broken like intrusion detection. Firewalls sometimes get confused about what’s incoming vs. outgoing data.
And then theres…
Click to access hotnets-final50.pdf
It’s not like MPTCP breaks the router. If an app isn’t MPTCP enabled then it doesn’t work as well, which might explain Siri.
Just leads to what I’ve been saying about Siri and what people have been suggesting for Apple’s so called smart watch. It won’t we a watch at all but a wearable devices that connects to Siri. Something with a mic and speaker that I wear on my person which I can communicate with Siri.
Siri will connect to all my Apple devices and third party products, allowing me to control my TV’s, stereo, lights, security, garage doors, washer/dryer, dishwasher, whatever I need to control.
My personal assistant that follows me around the in my daily activity.
What utter bollocks ! Do these bozos think Juniper (Netscreen, Checkpoint and Cisco have never heard of MPTCP\IP ?
Anything for click-bait 😡
Looking through the slide show PDF does not inspire confidence in the authors. The language is unprofessional to the point of being juvenile. (A recurring theme this month).
Examples:
– “When I saw the stuff earlier and began to look into it, I began thinking…. It got me thinking about lots of stuff., in no particular order”
– “Why do We think this is an awesome topic?”
– “There’s a surprising number of implementations”
– “Multipath Communications is awesome”
…Ad nauseam.
But it includes a lot of descriptive information indicating that MPTCP will become a source of security problems in the future. Meanwhile, I suggest the authors attend a few classes in professional English grammar, spelling and communication.