This work analyzes the prandom PRNG used in the Linux/Android kernel and its use for generating UDP source ports, IPv6 flow labels, and IPv4 IDs. The paper demonstrates attacks that infer the internal state of prandom from one OSI layer and use it to predict values employed by another OSI layer. This makes it possible to mount a very efficient DNS cache poisoning attack against Linux, and to track Linux and Android devices.