This is a demo of a device tracking technique for Linux-based devices based on Algorithm 4 ("Double-Hash Port Selection Algorithm") of RFC 6056. This algorithm is used in Linux for selecting TCP source ports starting from kernel version 5.12-rc1. The Linux kernel issue is tracked as CVE-2022-32296.
The demo shows that a consistent device ID is generated across browser privacy modes (normal vs. incognito) and across networks (IPv4/IPv6). On the right side of the screen the tracking server output can be seen, while on the left side you can see the two Google Chrome windows.
For full details and analysis of the attack, please refer to our paper "Device Tracking via Linux's New TCP Source Port Selection Algorithm" by Moshe Kol, Amit Klein and Yossi Gilad, to be presented at USENIX Security '23.
An extended version of the paper is available at https://arxiv.org/pdf/2209.12993.pdf
Full source code is available on GitHub: https://github.com/0xkol/rfc6056-device-tr...
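
For readers unfamiliar with the algorithm named above, here is RFC 6056 Algorithm 4 as an added example; it is not code from this page, the paper, the linked repository or the Linux kernel. The keyed hash, keys, table size, port range and addresses are assumptions chosen for illustration; the point is that the only changing state is a small table of counters that many destinations share.

```c
#include <stdint.h>
#include <stdio.h>

#define TABLE_LENGTH  8u      /* deliberately tiny; an assumption for the demo */
#define MIN_EPHEMERAL 32768u  /* assumed port range: 32768..60999 */
#define NUM_EPHEMERAL 28232u
struct flow { uint32_t local_ip, remote_ip; uint16_t remote_port; };
static uint32_t table[TABLE_LENGTH];  /* perturbation counters shared by all flows */
static const uint64_t key1 = 0x0123456789abcdefULL, key2 = 0xfedcba9876543210ULL; /* constructed */

/* Stand-in keyed hash (splitmix64 finalizer), NOT cryptographic. */
static uint64_t keyed_hash(const struct flow *f, uint64_t key)
{
    uint64_t x = key ^ (((uint64_t)f->local_ip << 32) | f->remote_ip);
    x += (uint64_t)f->remote_port * 0x9e3779b97f4a7c15ULL;
    x ^= x >> 30; x *= 0xbf58476d1ce4e5b9ULL;
    x ^= x >> 27; x *= 0x94d049bb133111ebULL;
    return x ^ (x >> 31);
}

/* RFC 6056 boot-time step: each counter starts at a value in 0..65535. */
static void init_table(uint32_t seed)
{
    for (unsigned i = 0; i < TABLE_LENGTH; i++)  /* LCG stands in for random() */
        table[i] = ((seed = seed * 1664525u + 1013904223u) >> 16) % 65536u;
}

/* G(): the counter slot a flow uses; distinct destinations can map to one slot. */
static unsigned table_index(const struct flow *f) { return (unsigned)(keyed_hash(f, key2) % TABLE_LENGTH); }
static int check_suitable_port(uint16_t port) { (void)port; return 1; }  /* hypothetical stub */

/* Algorithm 4: port = min + (F(flow) + table[G(flow)]) mod range, then counter++. */
static uint16_t select_port(const struct flow *f)
{
    uint32_t offset = (uint32_t)(keyed_hash(f, key1) % NUM_EPHEMERAL);
    unsigned idx = table_index(f);
    for (uint32_t count = NUM_EPHEMERAL; count > 0; count--) {
        uint16_t port = (uint16_t)(MIN_EPHEMERAL + (offset + table[idx]) % NUM_EPHEMERAL);
        table[idx]++;
        if (check_suitable_port(port))
            return port;
    }
    return 0;  /* every candidate was rejected */
}

int main(void)
{
    struct flow a = { 0x0a000002u, 0xc6336407u, 443 };  /* constructed addresses */
    init_table(1u);
    for (int i = 0; i < 3; i++)
        printf("port %u\n", (unsigned)select_port(&a));
}
```

Successive connections to one destination step through consecutive ports, and a connection to any other destination that hashes to the same slot advances that same counter.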