Researchers have discovered a number of security issues related to the new HTTP/2 protocol which could place millions of websites at risk of attack.
On Wednesday at Black Hat USA, cybersecurity firm Imperva released new research into a number of high-profile flaws found within the latest version of HTTP, HTTP/2, which underpins the worldwide web's underlying protocols and communication systems.
The report, HTTP/2: In-depth analysis of the top four flaws of the next generation web protocol (.PDF), details four main vulnerabilities and attack vectors related to HTTP/2, of which adoption is steadily increasing.
According to W3Techs, 8.7 percent of all websites -- roughly 85 million -- have adopted the new standard, which is meant to improve how browsers and servers communicate, speeding up the online experience.
The attack vectors discovered include:
"The general web performance improvements and specific enhancements for mobile applications introduced in HTTP/2 are a potential boon for internet users," said Amichai Shulman, co-founder and CTO of Imperva.
"However, releasing a large amount of new code into the wild in a short time creates an excellent opportunity for attackers," Shulman added. "While it is disturbing to see known HTTP 1.x threats introduced in HTTP/2, it's hardly surprising. As with all new technology, it is important for businesses to perform due diligence and implement safeguards to harden the extended attack surface and protect critical business and consumer data from ever-evolving cyber threats."
In related news, at Black Hat, Rapid7 security researcher Weston Hacker demonstrated a $6 tool which can be used to compromise and break into keycard-based hotel rooms.