bit-tech.net

Go Back   bit-tech.net Forums > bit-tech.net > Article Discussion

Reply
 
Thread Tools
Old 30th Jan 2013, 11:54   #1
Gareth Halfacree
WIIGII!
bit-tech Staff
 
Gareth Halfacree's Avatar
 
Join Date: Dec 2007
Location: Bradford, UK
Posts: 4,393
Gareth Halfacree is a Super Spamming SaiyanGareth Halfacree is a Super Spamming SaiyanGareth Halfacree is a Super Spamming SaiyanGareth Halfacree is a Super Spamming SaiyanGareth Halfacree is a Super Spamming SaiyanGareth Halfacree is a Super Spamming SaiyanGareth Halfacree is a Super Spamming SaiyanGareth Halfacree is a Super Spamming SaiyanGareth Halfacree is a Super Spamming SaiyanGareth Halfacree is a Super Spamming SaiyanGareth Halfacree is a Super Spamming Saiyan
US CERT warns of serious UPnP router vulnerability

Bad implementation leaves data at risk.
http://www.bit-tech.net/news/bits/20...30/upnp-vuln/1
__________________
Author, Raspberry Pi User Guide Third Edition, 21 Brilliant Projects for the Raspberry Pi and more | gareth.halfacree.co.uk | twitter | keybase.io
bit-tech news correspondent, Custom PC columnist, other things to other people
I'm a filthy freelancer! Hire me!
Gareth Halfacree is offline   Reply With Quote
Old 30th Jan 2013, 12:45   #2
greigaitken
Supermodder
 
Join Date: Aug 2009
Posts: 284
greigaitken has yet to learn the way of the Dremel
I was hoping to wake to "googe launches new monster graphics card that indexes web when not in use - therefore free for everyone" instead, i got "your router might be helping the baddies"
greigaitken is offline   Reply With Quote
Old 30th Jan 2013, 13:47   #3
ShinyAli
Supermodder
 
ShinyAli's Avatar
 
Join Date: Sep 2012
Location: UK
Posts: 288
ShinyAli - it's over 9000!!!!!!!!1!1!1!!!ShinyAli - it's over 9000!!!!!!!!1!1!1!!!ShinyAli - it's over 9000!!!!!!!!1!1!1!!!ShinyAli - it's over 9000!!!!!!!!1!1!1!!!ShinyAli - it's over 9000!!!!!!!!1!1!1!!!ShinyAli - it's over 9000!!!!!!!!1!1!1!!!ShinyAli - it's over 9000!!!!!!!!1!1!1!!!ShinyAli - it's over 9000!!!!!!!!1!1!1!!!ShinyAli - it's over 9000!!!!!!!!1!1!1!!!ShinyAli - it's over 9000!!!!!!!!1!1!1!!!ShinyAli - it's over 9000!!!!!!!!1!1!1!!!
Comments on the white paper:

"Exploit checker released with this article requires JAVA to be installed on the computer.... but we already deleted Java per recommendations of exploitable flaws"...

Why has this taken so long to be made so public is it because so much tech is now connectable using UPnP, everything from phones to smart TV's (Oh no, has google been tracking what TV programs I watch ) use it as most people are not going to be port forwarding their routers to allow these devices internet access.

From what I have been reading on this subject IT Admins never allow UPnP anyway as they are obviously aware of the vulnerability so it's mainly home users and the ports UPnP uses (UDP port 1900 and TCP port 2869) are not common ports which you would have open to the internet anyway.

With so many machines seemingly vulnerable why has this exploit not been used more or have people just not realized that it has been used? Surely if it was so easy to access a machine via UPnP then hackers would use this method rather than trying to get malware on PC's which can then often open ports and allow access?

The fact that UPnP remains active even when apparently disabled in some routers is a concern so might be worth doing a port check at "Shields Up" to confirm that the ports are closed after being disabled in your router.
ShinyAli is offline   Reply With Quote
Old 30th Jan 2013, 21:48   #4
ShinyAli
Supermodder
 
ShinyAli's Avatar
 
Join Date: Sep 2012
Location: UK
Posts: 288
ShinyAli - it's over 9000!!!!!!!!1!1!1!!!ShinyAli - it's over 9000!!!!!!!!1!1!1!!!ShinyAli - it's over 9000!!!!!!!!1!1!1!!!ShinyAli - it's over 9000!!!!!!!!1!1!1!!!ShinyAli - it's over 9000!!!!!!!!1!1!1!!!ShinyAli - it's over 9000!!!!!!!!1!1!1!!!ShinyAli - it's over 9000!!!!!!!!1!1!1!!!ShinyAli - it's over 9000!!!!!!!!1!1!1!!!ShinyAli - it's over 9000!!!!!!!!1!1!1!!!ShinyAli - it's over 9000!!!!!!!!1!1!1!!!ShinyAli - it's over 9000!!!!!!!!1!1!1!!!
Strange, any mention of peoples privacy/info having been compromised by the likes of google, accidentaly or intentionally, and the stuff hits the fan but when a truly dangerous exploit/vulnerabilty is proven to exist in tens of million of PC's/routers hardly anyone has anything to say on the matter, guess we all need a big "evil" name to blame these days
ShinyAli is offline   Reply With Quote
Old 1st Feb 2013, 09:57   #5
l3v1ck
really joined on Dec 24th 2004.
 
l3v1ck's Avatar
 
Join Date: Apr 2009
Location: The Right Side of the Pennines
Posts: 12,895
l3v1ck has yet to learn the way of the Dremell3v1ck has yet to learn the way of the Dremell3v1ck has yet to learn the way of the Dremell3v1ck has yet to learn the way of the Dremell3v1ck has yet to learn the way of the Dremell3v1ck has yet to learn the way of the Dremel
Gibson research have been banging on about uPnP years on their website for years. I'm surprised the US government (of all people) has taken this long to realise its potential security thread.
__________________
Quote:
Originally Posted by Sifter3000
We swung the banhammer in his little stupid spamming face
The old Dennis Forums (CPC, PC Pro, Mac User etc) - Meeting Place lives on. You're welcome to visit it HERE
l3v1ck is offline   Reply With Quote
Old 1st Feb 2013, 13:04   #6
ShinyAli
Supermodder
 
ShinyAli's Avatar
 
Join Date: Sep 2012
Location: UK
Posts: 288
ShinyAli - it's over 9000!!!!!!!!1!1!1!!!ShinyAli - it's over 9000!!!!!!!!1!1!1!!!ShinyAli - it's over 9000!!!!!!!!1!1!1!!!ShinyAli - it's over 9000!!!!!!!!1!1!1!!!ShinyAli - it's over 9000!!!!!!!!1!1!1!!!ShinyAli - it's over 9000!!!!!!!!1!1!1!!!ShinyAli - it's over 9000!!!!!!!!1!1!1!!!ShinyAli - it's over 9000!!!!!!!!1!1!1!!!ShinyAli - it's over 9000!!!!!!!!1!1!1!!!ShinyAli - it's over 9000!!!!!!!!1!1!1!!!ShinyAli - it's over 9000!!!!!!!!1!1!1!!!
Quote:
Originally Posted by l3v1ck View Post
Gibson research have been banging on about uPnP years on their website for years. I'm surprised the US government (of all people) has taken this long to realise its potential security thread.
Yes they have I forgot to mention that when I recommended a port check at Shields Up which I have been using/reading for years
ShinyAli is offline   Reply With Quote
Old 3rd Feb 2013, 07:55   #7
jb0
Minimodder
 
Join Date: Apr 2012
Posts: 46
jb0 has yet to learn the way of the Dremel
I'm amused that the "security threat" boils down to "the internet works like it's actually supposed to again."

NAT is not a security feature, it was never intended AS a security feature, and the "security" it provides is an unintentional side-effect of broken basic functionality.
jb0 is offline   Reply With Quote
Reply

Tags
dlna, firewall, nat, rapid 7, router, security, upnp, us cert, vulnerability

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT +1. The time now is 20:56.
Powered by: vBulletin Version 3
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.