A critical flaw in IPv6 has just been discovered. It affects all Windows users, so Mac and Linux, one point for you, and it allows hackers to remotely access your system without you doing anything. All hackers have to do is send a specially crafted IPv6 packet to your system and they'll use an integer underflow to trigger a buffer overflow.
And before you know it, you're drowning. No authentication, low complexity. It's kind of a nightmare, and it's how IPv6 works.
That makes it even scarier. Now, get your coffee ready. We're going to talk about IPv6, not because it's boring, but you just need coffee to learn.
It is required. Now, IPv6, it was supposed to save the internet, and it did. Now, why did it need saving?
Well, because everything on the internet needs an IP address if it wants to talk, from website servers to phones to toilets. Everything needs an IP address. But here's the problem.
We ran out. We ran out of IPv4 addresses. You probably recognize these. They look like this or this.
There were only 4.3 billion of them. I know, not nearly enough. And we ran out.
We dealt with that in two ways: IPv6 and NAT, or network address translation. Now, this was cool because we could give all the devices in our home network reusable private IP addresses that are not routable on the internet, and then give our router one unique public IPv4 address. Every time any one of your devices visited something on the internet, they would use this public IP address as their IP address instead of the private one.
Essentially translating it: network address translation. And if something wanted to talk back, vice versa. Now, this works great.
It's how your house operates. It's how your business operates, and it's great for security because we have this boundary right here, this NAT translation, that prevents most things from getting into your network and accessing your devices directly. That's just the default security behavior with this.
But with IPv6, it doesn't necessarily do this. And that was our other solution to running out of our 4.3 billion IPv4 addresses, because IPv6 has this many. It's going to take me a while to write this.
It has this many, or 340 undecillion. How do you say that?
Undecillion. It looks like this. And we have so many of them that we're handing them out like candy.
Now, this should scare you because your device probably has an IPv6 address right now, and these could potentially be accessed by anyone from anywhere because they're publicly routable and may not be protected by the NAT barrier like we saw with IPv4 private addresses. So for example, I couldn't just connect to a device like this with this private IP address. By the way, comment below if that's your IP address.
I'm actually curious to see how many people have this same IP address. Please do it. But if I were a bad-news hacker up here sipping my coffee, hacking the world, there's no way for me to easily reach you directly.
I would have to talk to this address, which belongs to this router, and it would have to agree to let me talk to you. It's like having security or a bouncer at the door. But with IPv6, your toilet might have this IPv6 global unicast address and I could connect directly to it and hack your toilet.
Wouldn't that be weird? And now you're really drowning. Taking that joke too far. Now, how do you find out if you have an IPv6 address?
Let's do that right now in Windows. Go ahead and launch a terminal app. Go to the search bar and type in terminal. There it is. And type in one command: ipconfig.
Scroll up a bit until you find your network adapter. Mine is right here. If you have IPv6 enabled, which pretty much everyone does, you'll have an address like this, an IPv6 address.
Here's mine. I'm done. I'm cooked.
What am I going to do? Before you freak out, take a sip of coffee and know that there are different types of IPv6 addresses. For example, this one right here, notice the link-local part.
It'll start with fe80. And this is not publicly routable, right? But if you see something that starts with a two or a three, so it could be 2001 or 3001, those would be what's called a GUA, global unicast address.
And those types of IPv6 addresses are publicly routable, meaning that anyone on the internet can potentially reach you, but not in every case. There's a bit of a nuance there. We can do a test, though.
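Added example, not from the video: a small C program that sorts an address into the buckets just described (link-local fe80::/10, global unicast 2000::/3, or something else), so you can check what ipconfig shows you. It uses the standard inet_pton(); the sample addresses are constructed, and the handling of the "%12"-style zone suffix Windows prints after link-local addresses is an assumption about the input format.

```c
#include <stdio.h>
#include <string.h>
#include <arpa/inet.h>

enum ipv6_scope {
    IPV6_INVALID,        /* not a parsable IPv6 address */
    IPV6_LINK_LOCAL,     /* fe80::/10, never forwarded off the local link */
    IPV6_GLOBAL_UNICAST, /* 2000::/3, the "starts with a 2 or a 3" GUA range */
    IPV6_OTHER           /* loopback, unique-local fc00::/7, multicast, ... */
};

/* Sort one address string into the buckets above. Accepts the "%zone" suffix
 * that ipconfig prints after link-local addresses (assumed input format). */
enum ipv6_scope classify_ipv6(const char *text)
{
    char buf[INET6_ADDRSTRLEN];
    size_t n = strcspn(text, "%");           /* drop a "%12"-style zone index */
    if (n >= sizeof buf)
        return IPV6_INVALID;
    memcpy(buf, text, n);
    buf[n] = '\0';

    struct in6_addr a;
    if (inet_pton(AF_INET6, buf, &a) != 1)
        return IPV6_INVALID;
    const unsigned char *b = a.s6_addr;
    if (b[0] == 0xfe && (b[1] & 0xc0) == 0x80) /* first 10 bits: 1111111010 */
        return IPV6_LINK_LOCAL;
    if ((b[0] & 0xe0) == 0x20)                 /* first 3 bits: 001 */
        return IPV6_GLOBAL_UNICAST;
    return IPV6_OTHER;
}

const char *scope_name(enum ipv6_scope s)
{
    static const char *names[] = { "invalid", "link-local (not routable)",
                                   "global unicast (publicly routable)", "other" };
    return names[s];
}

int main(void)
{
    /* Constructed sample addresses, not real hosts. */
    const char *samples[] = { "fe80::1c2a:3b4c:5d6e:7f80%12", "2001:db8::1",
                              "3001::1", "fd00::1", "::1", "192.168.1.1" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-32s %s\n", samples[i], scope_name(classify_ipv6(samples[i])));
    return 0;
}
```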
I've got a link below. There's a website called test-ipv6.com.
Really handy right now. I'll go ahead and navigate there. And this will very quickly test your IPv6 connectivity.
And notice right here, it's seeing no IPv6 address detected, because I don't have one that I'm using to access the internet. The only one I have is link-local, which is generated by my operating system.
Now, this is simply because my ISP, with their router, is only configured to hand out IPv4 addresses, but many, many ISPs are now handing out IPv6. Now, while this website does give you a good idea of your IPv6 connectivity, take it with a grain of salt. I don't know your system.
It could still be vulnerable. So here in a moment, we're going to break down two things. First, how is it that IPv6 is hackable?
What's happening? How are hackers able to actually take advantage of the TCP/IP stack? Then we'll also break down some mitigation.
How do you avoid this? How do you make your system not vulnerable? That's how you say it, right?
Yeah, I think so. Essentially, how do you keep yourself safe? Now, before we move on to how this hack is possible and how a hacker can take control of your computer without you even knowing, let's talk about another attack vector.
Your passwords. I just read a story this morning. Let me find it real quick.
Oh, right here. Hacker locks Unicoin staff out of Google accounts for four days. A hacker compromised Unicoin's Google Workspace.
I keep saying unicorn. And changed all the passwords for all employees, locking them out of their accounts. Again, for days. That scares me because I use Google Workspace, and I'm betting you, they haven't released how this happened, but I bet you someone got their password leaked somehow, and it could have been any number of their employees. So what am I doing to protect myself?
I use Dashlane. Dashlane is a sponsor of this video, and I'm a customer, both personal and for business. With Dashlane, I can make sure that all my employees are using unique passwords.
We're also scanning the dark web to see if their passwords have been leaked to a database from any recent breaches or hacks. And I get a health score for all of them. I don't leave this kind of stuff to chance.
Also, I think another way this could have been avoided, I'm assuming, is using two-factor authentication. Dashlane has got built-in two-factor authentication that I love because it's right there in your browser or your phone or wherever it is, because Dashlane can be installed anywhere. I love the fact that with one tool, I can put my password in and then you get my 2FA code right there.
I can also share that login with anyone on my team, including the 2FA, which normally is a massive pain point. Do you ever get those texts when people are trying to log into your stuff that you share with them? Hey, do you have that two-factor authentication code?
Did you get a text? That's so annoying, right? But with Dashlane, I don't have to worry about that.
They also recently implemented passkey support, which in most cases will be more secure than a password, and I've been using that anywhere I can. So let today be the day that you actually take control of your passwords, both for yourself, your family, and your business. Don't let them get hacked, and don't let yourself get hacked.
It's the simple stuff, the small stuff that you've got to worry about. Sweat the small stuff. Take care of this right now.
So check out the link in the description and use my code networkchuck50. You'll get 50% off at checkout. So now that we have your passwords taken care of, let's talk about IPv6.
Okay, IPv6, how it's getting hacked. Now, getting to you is half the battle, and that's already done. The hacker doesn't need credentials or any kind of special access.
They can reach you directly. They'll start with this: an IPv6 packet. They'll craft it special just for you.
Baking in some hacking sauce. Is that what I'm going to call it? I don't know.
This packet is specifically designed and tailored to attack your system and exploit this flaw, and they'll just start sending them, a lot of them. Why not? And watch what happens when these packets arrive at the vulnerable system.
Your toilet, the operating system, using the TCP/IP stack, will start to process this packet. When it receives it, it'll come in on your Ethernet cable or over Wi-Fi. And as it moves through each layer, going from physical to data link to network, the operating system is essentially unwrapping it, removing layers, called de-encapsulation.
And it's when it arrives at the network layer that things get kind of scary. And by the way, if you want to learn more about networks and the TCP/IP model and the OSI model, I've got a video somewhere around here breaking all that down. It's amazingly fun.
Now, the network layer is where the IPv6 header will be analyzed, telling your computer how the packet should be routed and where the payload should be sent. Now, it's this payload that's going to get us in trouble because this is what the hacker's going to mess with. Now, what's the payload?
Well, you're watching this YouTube video right now, and you could actually be receiving IPv6 packets. So each time I move, each frame would be a payload, video data inside an IPv6 packet. So it's the stuff that it's sending.
The hacker will exploit this payload to trigger something called an integer underflow. Now, this is seriously so fun. Watch this.
I don't know how people figure this out, hackers. I don't know, man. They're crazy.
Now, while your toilet or your computer is processing this packet, it's got to put the payload somewhere temporarily while it's working through some stuff. It's called the buffer, and it's kind of like a box. So depending on the size of the payload, your computer toilet will find a box that's big enough to hold it.
This will be a calculation. So the payload's this big. Let's make this box a bit bigger.
Yes, good to go. Now, that calculation, this is where the hackers get you. They exploit the process of your computer figuring out how big the box needs to be.
What? No, check this out. Imagine we have a number line and we're working with how computers think right now, zero through 10.
And let's say we're sitting at zero, and then you ask me to subtract one or go back one. Where would I be? Well, you might think, well, Chuck, we're going to be at negative one.
Right? Wrong. Our number line can't do negative one, and neither can computers.
What will happen is we might wrap around to the greatest value, go to 10, or sometimes it jumps to a small positive number near zero. This wrapping around, confusing the junk out of the computer, is called an integer, I can't ever say this right, integer underflow. So hard to say.
Essentially, the hacker's trying to confuse the computer as it's calculating the size for a box. And the goal is to make it calculate the wrong size, specifically a very small size. So for example, we might need a box this big for the payload, which might be a hundred bytes in size, but the hacker confuses the computer and it makes a box way too small, like two bytes.
Why would you do that, computer? You're crazy.
And the computer will try to fit the payload into the box. It'll actually give it the college try, but it won't fit, and it ends up spilling out everywhere. And this is dangerous because the payload, the data, is spilling into areas of the memory it's not supposed to go to.
And when that happens, it could potentially overwrite parts of the memory. So for the hacker, they're like, yes, I'm going to overwrite that part of the memory. They can redirect the program's execution flow to their malicious code, essentially taking control of the system.
Now, I'm not sure if I mentioned this before, but this whole process here, where the buffer is too small, the box is too small for the data that's trying to be written to it or stored in it, and it spills out all over the other memory, that's called a buffer overflow, a very popular hacking technique. So we used an integer underflow to cause a buffer overflow.
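An added example (not the video's code, and not a real IPv6 implementation) that walks the same arithmetic in C: a hypothetical header with a declared length field, the unchecked "how big a box" calculation that wraps from 6 - 8 up to 65534 and back down to a 2-byte box, and the checked version a receiver should use instead. HDR_LEN, TRAILER_LEN, BOX_MAX and the packet layout are made-up values for illustration.

```c
#include <stdint.h>
#include <stdbool.h>
#include <string.h>
#include <stdio.h>
#define HDR_LEN     8u    /* hypothetical fixed header size, in bytes */
#define TRAILER_LEN 4u    /* hypothetical receiver-added trailer, in bytes */
#define BOX_MAX     256u  /* largest payload this receiver will hold */

/* Vulnerable size calculation: box = declared - header + trailer, in 16-bit
 * arithmetic. A declared length of 6 (less than the header) goes
 * 6 - 8 -> 65534 (wraps to the top of the number line), then + 4 -> 2
 * (wraps again to a small positive number). The box is 2 bytes while the
 * bytes actually on the wire may be far more: that mismatch is the overflow. */
uint16_t box_size_unchecked(uint16_t declared_len)
{
    uint16_t payload = (uint16_t)(declared_len - HDR_LEN);
    return (uint16_t)(payload + TRAILER_LEN);
}

/* Hardened: reject a length that cannot even cover the header, do the math in
 * size_t so it cannot wrap, and cap the result at what the box can hold. */
bool box_size_checked(uint16_t declared_len, size_t *out)
{
    if (declared_len < HDR_LEN)
        return false;                       /* would underflow */
    size_t payload = (size_t)declared_len - HDR_LEN;
    if (payload > BOX_MAX)
        return false;                       /* would not fit the box */
    *out = payload;
    return true;
}

/* Receiver that copies only after the declared length passes the checks and
 * agrees with the bytes actually received. Returns bytes stored, 0 if rejected. */
size_t store_payload(const uint8_t *pkt, size_t pkt_len, uint8_t box[BOX_MAX])
{
    if (pkt_len < HDR_LEN)
        return 0;
    uint16_t declared = (uint16_t)((pkt[0] << 8) | pkt[1]);  /* big-endian length field */
    size_t payload;
    if (!box_size_checked(declared, &payload) || HDR_LEN + payload != pkt_len)
        return 0;
    memcpy(box, pkt + HDR_LEN, payload);
    return payload;
}

int main(void)
{
    uint8_t box[BOX_MAX];
    /* Constructed packet: declares length 6 but carries 8 header + 100 payload bytes. */
    uint8_t bad[108] = { 0x00, 0x06 };
    printf("unchecked box: %u bytes for %zu payload bytes\n", (unsigned)box_size_unchecked(6), sizeof bad - HDR_LEN);
    printf("checked receiver stored %zu bytes\n", store_payload(bad, sizeof bad, box));
    return 0;
}
```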
Now, what's crazy is that this isn't very hard to do. It's low complexity. It's easy to execute.
It allows remote code execution, and the user doesn't have to do anything to make this happen. They don't have to click on a phishing email. They don't have to download free RAM from the internet.
They're just sitting there receiving IPv6 packets as they should. Your Windows computer is receiving IPv6 packets and processing them like it's designed to, but there's a flaw in the way it processes that, the way it encapsulates or opens up that packet, and the hackers manipulate that and exploit it. Now, what's even scarier about this is that it's possibly wormable, or self-replicating, meaning that once one computer has been attacked and effectively exploited, that same computer can be used to scan other computers on its own network and use that same attack against them, sending malicious IPv6 packets.
That's exactly how WannaCry spread. It took advantage of a vulnerability inside the SMB protocol and spread to other computers on the same network. Okay, so that's kind of amazing, but also really scary.
So what do you do about it? How can you protect yourself? Two things.
First, Microsoft already released an update to fix this flaw. If you're not aware, Microsoft has this thing called Patch Tuesday, where they release security updates and patches for Windows on Tuesdays, and it's in the security update that they announced. They found this flaw, and it wasn't the only thing that was fixed.
This is a normal thing for Microsoft to do, by the way. And if we scroll down a bit more, we can find our boy. There he is.
It is critical, but can be solved with a simple update. So please update your system. Now, the other way to solve this is simply disabling IPv6, which you can do.
Now, you might be thinking, Chuck, why? That's the future. That's how we're solving the IPv4 address exhaustion problem.
Yes, but we're kind of slow at adopting that. We don't like change, and we love IPv4. I mean, I know I do.
I'm not switching my networks to IPv6, at least not privately. And unless your network engineer is crazy and put all of your networks on IPv6, like a madman, you should be fine. Unless, according to Microsoft, you're using Windows Vista or Windows Server 2008 and newer versions; disabling IPv6 or its components may break some things.
So if you're at work and you're unsure, go ahead and ask your IT person. If you're at home, you're probably okay, but here's how you disable IPv6. It's a very simple process here in Windows.
We'll search for Control Panel and click on that. Next, we'll jump into Network and Sharing Center. And then right here you should see an adapter that you're using, a network adapter or a NIC.
We'll want to disable IPv6 on that interface. It'll be per interface. So we'll jump in there.
We'll click on Properties and you'll see a bunch of things with check boxes next to them. You'll even see, hey, there's your buddy IPv4. Leave him alone.
Protect him at all costs. But right here you'll see IPv6. Go ahead and uncheck that, and you just disabled IPv6. Click on
OK, and that's it. You may want to reboot to make sure things take effect. That normally helps.
Rebooting always helps everything, but if you run into any issues, just go back in there. And if you're really worried about it, just keep it enabled and make sure you keep yourself up to date with the newest Microsoft updates. Now, I say that IPv6 is kind of not new to having issues.
That was a terrible way to say that. IPv6 is not a stranger to vulnerabilities. There was the ping of death vulnerability, which just sounds awesome.
The ping of death, which took advantage of how the Windows TCP/IP stack, again, improperly handled ICMPv6 router advertisement packets. Essentially, we could ping a computer and gain remote code execution, which, by the way, RCEs are like one of the worst vulnerabilities to have. There was an IPv6 denial-of-service attack or vulnerability, and these are all fairly recent, relatively recent.
And there was another RCE found in a flaw with DHCPv6. So what's up with IPv6? Why is it always getting attacked?
Why are there so many flaws? Well, it's relatively new. It didn't become a standard until 2017, and even with that, we were kind of hesitant about rolling it out.
It's weird, it's complicated, and we're still in the widespread adoption phase now. As you can see, a lot of our computers already support it, but we don't actually use it, mainly because IPv4 is way easier. We're familiar with it, but IPv6 is kind of awesome.
It has a bunch of new features, a bunch of security by default. It's got things like neighbor discovery, stateless address config, meaning your computer can configure its own IPv6 address based on its own MAC address. It's got extension headers, and all those are amazing and cool, but they're also new attack vectors.
The more features we can use, the more features hackers can hack. And honestly, network engineers and developers are kind of unfamiliar with a lot of what IPv6 can do. Now, don't get me wrong, they know what it is, but they don't know it
like IPv4. Adding to that, we're also kind of running dual stack right now, and when I say kind of, we are, meaning that we're running both IPv4 and IPv6 in most cases. And the way those can interact with each other can also introduce more attack vectors, more issues.
So for a while, the best practice has been to just disable IPv6 because we're not using it right now. We don't really need it. It's not necessary, at least for a private network.
And for now, that's probably safe for you to do too. Anyways, that's all I got. I'll catch you guys in the next video.