
Wed Jan 30, 2013, 04:18 PM

Massive security hole lets hackers control millions of cameras, printers and routers

Source: Raw Story

A newly discovered exploit in a technology standard known as “universal plug and play” (UPnP) is big enough that hackers on the Internet could remotely access and control “millions” of compatible devices like cameras, printers and routers, security researchers said Tuesday.

Researchers working for the security firm Rapid7 said they found bugs in the UPnP standard that expose personal devices to being remotely accessed and controlled. That means an enterprising hacker could, say, exploit the bug to print unwanted messages on a personal printer, or turn on a webcam unbeknownst to the owner.

A hole this large has likely already been exploited on a selective, individual basis, researchers warned, noting that something like 40 to 50 million network devices make use of UPnP.

Rapid7's announcement was confirmed Tuesday night by the United States Computer Emergency Readiness Team (US-CERT), which warned that “hundreds of vendors” that supply network-enabled hardware rely upon UPnP, including major firms like Cisco’s Linksys, D-Link, Belkin and Netgear. The agency recommended those manufacturers begin immediately updating their software to close the vulnerability — a process which could take months.




Read more: http://www.rawstory.com/rs/2013/01/30/massive-security-hole-lets-hackers-control-millions-of-cameras-printers-and-routers/

14 replies, 2709 views

Replies to this discussion thread
Arrow 14 replies Author Time Post
Reply Massive security hole lets hackers control millions of cameras, printers and routers (Original post)
IDemo Jan 2013 OP
DainBramaged Jan 2013 #1
ProfessionalLeftist Feb 2013 #8
benld74 Jan 2013 #2
RILib Jan 2013 #3
Hekate Feb 2013 #11
truthisfreedom Feb 2013 #12
dixiegrrrrl Feb 2013 #13
ProfessionalLeftist Jan 2013 #4
reACTIONary Jan 2013 #6
ProfessionalLeftist Feb 2013 #7
AmyDeLune Jan 2013 #5
ProfessionalLeftist Feb 2013 #10
Xithras Feb 2013 #14
Ian Iam Feb 2013 #9

Response to IDemo (Original post)

Wed Jan 30, 2013, 04:50 PM

1. The problem is, the system has to be so badly compromised that they could attack a singular PC

There were holes discovered in Barracuda networks hardware recently, all because they source product from China instead of the US.


https://krebsonsecurity.com/2013/01/backdoors-found-in-barracuda-networks-gear/


A variety of the latest firewall, spam filter and VPN appliances sold by Campbell, Calif. based Barracuda Networks Inc. contain undocumented backdoor accounts, the company disclosed today. Worse still, while the backdoor accounts are apparently set up so that they would only be accessible from Internet addresses assigned to Barracuda, they are in fact accessible to potentially hundreds of other companies and network owners.

Barracuda’s hardware devices are broadly deployed in corporate environments, including the Barracuda Web Filter, Message Archiver, Web Application Firewall, Link Balancer, and SSL VPN. Stefan Viehböck, a security researcher at Vienna, Austria-based SEC Consult Vulnerability Lab., discovered in November 2012 that these devices all included undocumented operating system accounts that could be used to access the appliances remotely over the Internet via secure shell (SSH).

Viehböck found that the username “product” could be used to login and gain access to the device’s MySQL database (root@localhost) with no password, which he said would allow an attacker to add new users with administrative privileges to the appliances. SEC Consult found a password file containing a number of other accounts and hashed passwords, some of which were uncomplicated and could be cracked with little effort.

Viehböck said he soon found that these devices all were configured out-of-the-box to listen for incoming SSH connections on those undocumented accounts, but that the devices were set to accept connection attempts only from Internet address ranges occupied by Barracuda Networks. Unfortunately, Barracuda is not the only occupant of these ranges. Indeed, a cursory lookup of the address ranges at network mapping site Robtex.com shows there are potentially hundreds of other companies running Web sites and other online operations in the same space.



Response to DainBramaged (Reply #1)

Fri Feb 1, 2013, 12:44 AM

8. As I understand it, this has nothing to do with the UPnP bug

It's a different issue, it seems.



Response to IDemo (Original post)

Wed Jan 30, 2013, 05:04 PM

2. I can SEE you!!!!!



Response to IDemo (Original post)

Wed Jan 30, 2013, 06:17 PM

3. You don't have a piece of tape over your webcam?

 

Remote control that, hackers.



Response to RILib (Reply #3)

Fri Feb 1, 2013, 02:43 AM

11. Post-It note

Have done so ever since I read about how they can be turned on remotely. Ew.

If I want to Skype someone, the Post-It is easy to remove.



Response to RILib (Reply #3)

Fri Feb 1, 2013, 02:57 AM

12. I have a piece of tape with tinfoil in the middle over my webcam.

And I'm not kidding.



Response to RILib (Reply #3)

Fri Feb 1, 2013, 11:40 AM

13. I feel left out..I don't seem to have a web cam.



Response to IDemo (Original post)

Wed Jan 30, 2013, 10:34 PM

4. Scan your home router from the internet with this tool:



Response to ProfessionalLeftist (Reply #4)

Thu Jan 31, 2013, 09:35 PM

6. I would never direct a tool on the internet to scan my anything. (nt)



Response to reACTIONary (Reply #6)

Fri Feb 1, 2013, 12:39 AM

7. Suit yourself. n/t



Response to IDemo (Original post)

Wed Jan 30, 2013, 10:48 PM

5. Oh Noes!!1!

Strange peoples could be watching me read the internets while eating M&M's!!1!!
(remind self to yawn and pick nose more often...)



Response to AmyDeLune (Reply #5)

Fri Feb 1, 2013, 01:06 AM

10. It's a little more serious than that...

"at least 23 million of the devices are susceptible to full takeover by hackers, potentially becoming a jumping-off point for an attack on the victim’s network behind any firewall."

http://www.forbes.com/sites/andygreenberg/2013/01/29/disable-a-protocol-called-upnp-on-your-router-now-to-avoid-a-serious-set-of-security-bugs/

The tools by Rapid7, the security firm that discovered the issue (I linked to one of them above), are worth using, besides disabling UPnP on your devices.



Response to AmyDeLune (Reply #5)

Fri Feb 1, 2013, 12:08 PM

14. In addition to the other comments...

...many people, like myself, have uPnP printers that store many of our printed documents. I can pull up any of the last 25 documents I've printed and reprint them without my computer even being on. If someone gets uPnP control of my printer, they can see everything I print.

That's not a showstopper for me, but I know plenty of small business owners who print payroll and other "sensitive" documents from their printers, who could be devastated by a remote breach like this.

The routers may be a bigger concern though. If they can breach your router, they can potentially intercept every bit of traffic on your network. That might include VoIP phone calls, traffic from wifi connected phones and devices, AND your M&M munching browsing sessions.



Response to IDemo (Original post)

Fri Feb 1, 2013, 12:54 AM

9. You do know where this is leading, don't you?

 
