DUHK: A New Crypto Attack Discovered

Published on:
Crypto Currency Word Cloud
Research on the ‘DUHK’ cyber attack method confirmed that a particular outdated algorithm can allow hackers access to encrypted communications.

The type of hacking attempts that take place in modern times overthrow every security claim and gain access to even the most impenetrable systems such as encrypted keys.

DUHK, a short iteration of “Don’t Use Hard-coded Keys,” is the newest concept of cyber attack that has sprouted online. And just recently, cryptographers have managed to recover secret digital keys using this vulnerability.

Taking advantage of the vulnerability, hackers would be able to gain access to internet communications in a subtle manner and intercept the traffic without the knowledge of the user or the website hosting the service.

Cryptographic vulnerabilities have become quite common and instead of giving hackers the opportunity to exploit something found in the system, researchers in the field have taken the task into their own hands.

Recently, similar attacks named ROCA and KRACK were also discovered and later fixed by sending proper notifications to fix the loophole.

This time, the researchers have come up with solid evidence to prove that an attacker could gain access within a secure VPN connection and monitor everything the target user does—the attacker can view the passwords they use, as well as browsing session records and online transactions.

Your TOR usage is being watched

Such a vulnerability could potentially be exploited by law enforcement agents if they choose to read the browsing session of a particular criminal suspect in order to gather evidence to convict them of specific charges.

DUHK Attack Method Emerging

Last month, researchers discovered KRACK, an attack based on Wi-Fi networks.

A similar attack was also discovered soon after, called the ROCA factorization attack.

The DUHK attack method, on the other hand, allows a third party to gain access into VPNs (Virtual Private Networks) and other private internet setups.

It has been found within the systems of major technology companies.

In a blog post explaining their findings, researchers managed to break the encryption code to gain access to services provided by Fortinet, Cisco and TechGuard.

All of these are major brands in the security sector but they were using ANSI X9.31 RNG, which is not the best way to go about operations.

The program a pseudorandom number-generated algorithm which has proven to be outdated.

This particular setup uses a hard-coded seed key which is what the researchers hacked into so they could read every bit of information that was passed through the network.

The disadvantage of using PRNGs relies on the setup, which doesn’t generate random numbers every time but rather uses the same sequence or bits.

This allows a third party to discover the code, as it also uses the same relative values every time.

Products sold making use of this setup are also vulnerable to attacks because vendors ship products by hard-coding the source code into the items.

Any person who is an expert in reverse engineering could read the entire code and use it against the product manufacturer.

How the DUHK Attack Works

The sample DUHK attack was exposed by security experts Matthew Green, Nadia Heninger and Shaanan Cohney.

The trio suggests that the DUHK attack method allows middle-man attackers to initiate an attack out of nowhere and, if they know the seed value, they can find the current state value by making use of the data generated through outputs.

hacker working on a laptop
Hackers initiate an attack out of nowhere

When a hacker manages to gain access to both the seed value and the state value, they can eventually gain access to the encryption code and later decode the entire process to read through internet communication records easily.

By exploiting the vulnerability, any person can gain access to sensitive information including credit card details, business data, login credentials and so on, which can directly or indirectly be used against the original owner.

The usage of the ANSI X9.31 algorithm is widespread because it was among the certified algorithms used by the United States government up until 2016.

Experts warned as early as 1998 that if anyone could gain access to the seed value, they can eventually break into this particular algorithm.

They also warned against using it in the majority of devices.

However, vendors and manufacturers who hardly listen to such threats continue to use it with most of their products.

But the DUHK attack discovery could officially put an end to using the particular algorithm as hard-coded seed keys allow attackers to decrypt encrypted communications and read the information being passed over.

The researchers who found the vulnerability hail from the University of Pennsylvania and Johns Hopkins University.

They published a detailed paper, created a dedicated website to demonstrate the attack and posted samples of how they retrieved information from Fortinet devices using the vulnerability.

The team further advised that manufacturers should avoid leaving hard-coded seed keys in their products which creates a backdoor for hackers.

Write for us


The articles and content found on Dark Web News are for general information purposes only and are not intended to solicit illegal activity or constitute legal advice. Using drugs is harmful to your health and can cause serious problems including death and imprisonment, and any treatment should not be undertaken without medical supervision.


Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.