Researchers Find Critical Flaw in China’s New QUIC-Blocking Great Firewall
China’s attempt to tighten control over internet traffic by expanding the Great Firewall to block the QUIC protocol has backfired, according to a new academic study that exposes a weakness serious enough to be used against the country’s own networks.
What the researchers uncovered
A joint team from the Great Firewall Report project, Stanford University, the University of Massachusetts Amherst, and the University of Colorado Boulder analysed Beijing’s recently deployed system for censoring Quick UDP Internet Connections, or QUIC. They discovered that the firewall decrypts QUIC handshake packets at scale, then filters connections with a domain-based block list. This heavy inspection adds computational overhead, and under moderate traffic loads the firewall begins to drop or miss packets, which reduces its effectiveness.
A vulnerability that can be weaponised
Because the filter relies on stateless, easily spoofed UDP packets, the paper shows how attackers could turn the mechanism into a denial-of-service tool that blocks any UDP traffic between China and the wider internet, including global DNS resolvers. The authors warn that defending against such attacks while still censoring QUIC will require careful engineering.
Circumvention already underway
The team has coordinated with open-source projects to build work-arounds. Fixes have been merged into Mozilla Firefox, the quic-go library, and several other QUIC-based circumvention tools, allowing users to tunnel QUIC traffic in ways the firewall cannot easily detect.
Why China targets QUIC
QUIC, created at Google in 2012, now carries at least ten per cent of global web traffic and underpins many services from Google and Meta, both already banned in mainland China. Extending censorship to the protocol was therefore seen as a logical next step, yet the new weakness shows the difficulty of balancing sophisticated inspection with network stability.
What happens next
China has not commented on the findings. The researchers say that until the flaw is fixed, the Great Firewall’s QUIC filter remains a liability that outside actors could exploit to cause large-scale outages. Meanwhile, the race between censors and circumvention developers continues, with the study’s authors calling for greater transparency and international scrutiny of national-level filtering systems.
Photo Credit: DepositPhotos.com