Terrapin’s Threat: 11 Million SSH Servers at Risk of Data Manipulation

Researchers have calculated that nearly 11 million SSH servers on the internet are vulnerable to Terrapin attacks, which allow data manipulation during the handshake process, ultimately compromising the integrity of the SSH channel when using certain widely used encryption modes.

In December last year, experts from Ruhr University Bochum described the Terrapin issues. The attack enables the deletion or alteration of messages transmitted within the communication channel, leading to a downgrade of the public key algorithms used for user authentication, or to a complete disabling of the protection against keystroke timing analysis introduced in OpenSSH 9.5. As a result, Terrapin diminishes the security of the connection by manipulating negotiation messages in such a way that neither the client nor the server notices.

To intercept and modify the handshake, the attacker must first occupy a man-in-the-middle (MITM) position on the network path, and the connection must be secured either with ChaCha20-Poly1305 or with a CBC cipher in Encrypt-then-MAC mode.
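The two preconditions above are visible in what a peer advertises during key exchange, so an administrator can audit their own server without reproducing the attack. The following Python is an added example, not code from the article or from the researchers' published scanner: it builds a constructed SSH_MSG_KEXINIT payload in the RFC 4253 wire format, parses it back, and flags every advertised cipher/MAC combination that matches the conditions the article names (ChaCha20-Poly1305 on its own, or any `-cbc` cipher offered together with an `-etm@openssh.com` MAC). The algorithm names are real OpenSSH identifiers; the two sample offers are constructed for illustration and were not captured from any real host.

```python
"""Parse an SSH_MSG_KEXINIT payload and flag Terrapin-relevant algorithm offers.

Added example for auditing what an SSH peer advertises. The sample offers at
the bottom are constructed, not captured from a real server.
"""
import struct

SSH_MSG_KEXINIT = 20  # RFC 4253 section 7.1

# Preconditions as described in the article: the ChaCha20-Poly1305 AEAD mode,
# or a CBC cipher combined with an Encrypt-then-MAC (-etm) MAC.
CHACHA20 = "chacha20-poly1305@openssh.com"
ETM_SUFFIX = "-etm@openssh.com"

# Order of the ten name-lists in a KEXINIT payload (RFC 4253 section 7.1).
FIELDS = ("kex", "hostkey", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")


def _name_list(names):
    """Encode an SSH name-list: uint32 length + comma-separated ASCII names."""
    data = ",".join(names).encode("ascii")
    return struct.pack(">I", len(data)) + data


def build_kexinit(kex, hostkey, ciphers, macs, compression=("none",)):
    """Build a constructed KEXINIT payload; the same lists are used in both directions."""
    body = bytes([SSH_MSG_KEXINIT]) + b"\x00" * 16  # constructed zero cookie; a real peer sends 16 random bytes
    for names in (kex, hostkey, ciphers, ciphers, macs, macs, compression, compression, (), ()):
        body += _name_list(names)
    body += b"\x00"               # first_kex_packet_follows = FALSE
    body += struct.pack(">I", 0)  # reserved field, must be zero
    return body


def parse_kexinit(payload):
    """Decode a KEXINIT payload into a dict of algorithm lists; raises ValueError on malformed input."""
    if not payload or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT payload")
    off = 1 + 16  # skip message type byte and cookie
    parsed = {}
    for field in FIELDS:
        (length,) = struct.unpack_from(">I", payload, off)
        off += 4
        raw = payload[off:off + length]
        if len(raw) != length:
            raise ValueError("truncated name-list for %s" % field)
        off += length
        parsed[field] = raw.decode("ascii").split(",") if raw else []
    parsed["first_kex_packet_follows"] = bool(payload[off])
    off += 1
    (reserved,) = struct.unpack_from(">I", payload, off)
    off += 4
    if reserved != 0 or off != len(payload):
        raise ValueError("malformed KEXINIT trailer")
    return parsed


def terrapin_exposed_modes(kexinit):
    """Return sorted (cipher, mac) pairs from the advertised lists that meet the Terrapin preconditions.

    For ChaCha20-Poly1305 the MAC list is irrelevant (AEAD), so mac is None.
    Both directions are checked because the lists may differ.
    """
    exposed = set()
    for enc_key, mac_key in (("enc_c2s", "mac_c2s"), ("enc_s2c", "mac_s2c")):
        for cipher in kexinit[enc_key]:
            if cipher == CHACHA20:
                exposed.add((cipher, None))
            elif "-cbc" in cipher:
                for mac in kexinit[mac_key]:
                    if mac.endswith(ETM_SUFFIX):
                        exposed.add((cipher, mac))
    return sorted(exposed, key=str)


def audit(payload):
    """Convenience wrapper: raw KEXINIT payload in, list of exposed (cipher, mac) pairs out."""
    return terrapin_exposed_modes(parse_kexinit(payload))


# Constructed offers (not real captures). Algorithm names are real OpenSSH identifiers.
VULNERABLE_OFFER = build_kexinit(
    kex=("curve25519-sha256",),
    hostkey=("ssh-ed25519",),
    ciphers=(CHACHA20, "aes256-gcm@openssh.com", "aes128-cbc"),
    macs=("hmac-sha2-256-etm@openssh.com", "hmac-sha2-256"),
)
HARDENED_OFFER = build_kexinit(
    kex=("curve25519-sha256",),
    hostkey=("ssh-ed25519",),
    ciphers=("aes256-gcm@openssh.com", "aes128-ctr"),
    macs=("hmac-sha2-256",),
)

if __name__ == "__main__":
    for label, offer in (("vulnerable", VULNERABLE_OFFER), ("hardened", HARDENED_OFFER)):
        print(label, audit(offer))
```

The check is deliberately over the advertised lists rather than the negotiated mode: the mode actually used is the first entry in the client's preference list that the server also offers, so removing the flagged algorithms from either side's `Ciphers`/`MACs` configuration prevents the combination from being negotiated at all. The published scanner also checks whether the peer supports the strict key exchange countermeasure shipped in OpenSSH 9.6; that part is outside what this example models.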

Analysts at Shadowserver have now warned that approximately 11 million SSH servers (counted by unique IP addresses) on the internet are vulnerable to Terrapin attacks.

That amounts to about 52% of all scanned hosts in the IPv4 and IPv6 address spaces. The largest numbers of vulnerable systems were identified in the USA (3.3 million), followed by China (1.3 million), Germany (1 million), Russia (700,000), Singapore (390,000), and Japan (380,000).

Although not all of the 11 million vulnerable servers are at immediate risk of attack, the Shadowserver report vividly demonstrates that attackers have a wide range of targets to choose from.

The researchers note that a scanner for detecting the Terrapin vulnerability is published on GitHub, which lets administrators determine whether their SSH client or server is affected by this attack.