2012-appelbaum-technical
findings extracted from this paper
-
BlueCoat's commercial DPI hardware/software, deployed in Syria, was confirmed capable of detecting and blocking Ultrasurf connections. BlueCoat logs recovered from Syria additionally exposed real Ultrasurf user behavior, including unproxied traffic leaking to non-Ultrasurf servers before and after bootstrapping completed.
-
An attacker with DNS spoofing capability — the paper cites the GFW explicitly — can respond to Ultrasurf DNS discovery queries before legitimate resolvers and inject crafted CNAME records that fully control the client's single-hop path selection. In code paths where peer verification is skipped ('SkipverifyQ0' log entries), this enables complete traffic interception without any cryptographic break.
-
Ultrasurf confirmed to the researcher that its protocol has no forward secrecy and uses RC4 without any integrity check (no MAC or HMAC). This means all recorded ciphertext can be retrospectively decrypted once a session key is recovered, and the stream is trivially malleable — both properties confirmed by the UltraReach team during disclosure.
-
Because Ultrasurf is a single-hop proxy where client ingress and remote web-server egress share the same IP address, any web server contacted through the network can log and report the proxy IP. The paper notes an attacker running a popular web server for a short time would passively harvest the full set of Ultrasurf server addresses for subsequent IP-list blocking.
-
Ultrasurf's DNS bootstrapping phase uses subdomain names that are always exactly 16 characters between delimiters and exclusively target .info TLDs, producing a constant byte-width network signature. The paper concludes that filtering this bootstrapping traffic is straightforward even without reverse engineering the client binary, as the client itself acts as a network discovery oracle for censors observing its connections.