bit-tech.net

Gareth Halfacree · 30th Jan 2013, 09:54

Bad implementation leaves data at risk.
http://www.bit-tech.net/news/bits/20...30/upnp-vuln/1

greigaitken · 30th Jan 2013, 10:45

I was hoping to wake to "googe launches new monster graphics card that indexes web when not in use - therefore free for everyone" instead, i got "your router might be helping the baddies"

ShinyAli · 30th Jan 2013, 11:47

Comments on the white paper:

"Exploit checker released with this article requires JAVA to be installed on the computer.... but we already deleted Java per recommendations of exploitable flaws"...

Why has this taken so long to be made so public is it because so much tech is now connectable using UPnP, everything from phones to smart TV's (Oh no, has google been tracking what TV programs I watch

) use it as most people are not going to be port forwarding their routers to allow these devices internet access.

From what I have been reading on this subject IT Admins never allow UPnP anyway as they are obviously aware of the vulnerability so it's mainly home users and the ports UPnP uses (UDP port 1900 and TCP port 2869) are not common ports which you would have open to the internet anyway.

With so many machines seemingly vulnerable why has this exploit not been used more or have people just not realized that it has been used? Surely if it was so easy to access a machine via UPnP then hackers would use this method rather than trying to get malware on PC's which can then often open ports and allow access?

The fact that UPnP remains active even when apparently disabled in some routers is a concern so might be worth doing a port check at "Shields Up" to confirm that the ports are closed after being disabled in your router.

ShinyAli · 30th Jan 2013, 19:48

Strange, any mention of peoples privacy/info having been compromised by the likes of google, accidentaly or intentionally, and the stuff hits the fan but when a truly dangerous exploit/vulnerabilty is proven to exist in tens of million of PC's/routers hardly anyone has anything to say on the matter, guess we all need a big "evil" name to blame these days

l3v1ck · 1st Feb 2013, 07:57

Gibson research have been banging on about uPnP years on their website for years. I'm surprised the US government (of all people) has taken this long to realise its potential security thread.

ShinyAli · 1st Feb 2013, 11:04

Quote:

Originally Posted by l3v1ck

Gibson research have been banging on about uPnP years on their website for years. I'm surprised the US government (of all people) has taken this long to realise its potential security thread.

Yes they have I forgot to mention that when I recommended a port check at Shields Up which I have been using/reading for years

jb0 · 3rd Feb 2013, 05:55

I'm amused that the "security threat" boils down to "the internet works like it's actually supposed to again."

NAT is not a security feature, it was never intended AS a security feature, and the "security" it provides is an unintentional side-effect of broken basic functionality.

30th Jan 2013, 09:54	#1
Gareth Halfacree WIIGII! bit-tech Staff Join Date: Dec 2007 Location: Bradford, UK Posts: 1,904	US CERT warns of serious UPnP router vulnerability Bad implementation leaves data at risk. http://www.bit-tech.net/news/bits/20...30/upnp-vuln/1 __________________ Co-author, Raspberry Pi User Guide, Meet the Raspberry Pi \| gareth.halfacree.co.uk \| twitter bit-tech news correspondent, Custom PC columnist I'm a filthy freelancer! Hire me!

30th Jan 2013, 11:47	#3
ShinyAli Supermodder Join Date: Sep 2012 Location: UK Posts: 288	Comments on the white paper: "Exploit checker released with this article requires JAVA to be installed on the computer.... but we already deleted Java per recommendations of exploitable flaws"... Why has this taken so long to be made so public is it because so much tech is now connectable using UPnP, everything from phones to smart TV's (Oh no, has google been tracking what TV programs I watch ) use it as most people are not going to be port forwarding their routers to allow these devices internet access. From what I have been reading on this subject IT Admins never allow UPnP anyway as they are obviously aware of the vulnerability so it's mainly home users and the ports UPnP uses (UDP port 1900 and TCP port 2869) are not common ports which you would have open to the internet anyway. With so many machines seemingly vulnerable why has this exploit not been used more or have people just not realized that it has been used? Surely if it was so easy to access a machine via UPnP then hackers would use this method rather than trying to get malware on PC's which can then often open ports and allow access? The fact that UPnP remains active even when apparently disabled in some routers is a concern so might be worth doing a port check at "Shields Up" to confirm that the ports are closed after being disabled in your router. __________________ Al-13 Duplicity, Dual Mobo Scratch build

30th Jan 2013, 19:48	#4
ShinyAli Supermodder Join Date: Sep 2012 Location: UK Posts: 288	Strange, any mention of peoples privacy/info having been compromised by the likes of google, accidentaly or intentionally, and the stuff hits the fan but when a truly dangerous exploit/vulnerabilty is proven to exist in tens of million of PC's/routers hardly anyone has anything to say on the matter, guess we all need a big "evil" name to blame these days __________________ Al-13 Duplicity, Dual Mobo Scratch build

bit-tech.net

Site Links

Our Other Sites

30th Jan 2013, 10:45	#2
greigaitken Multimodder Join Date: Aug 2009 Posts: 236	I was hoping to wake to "googe launches new monster graphics card that indexes web when not in use - therefore free for everyone" instead, i got "your router might be helping the baddies"

3rd Feb 2013, 05:55	#7
jb0 What's a Dremel? Join Date: Apr 2012 Posts: 19	I'm amused that the "security threat" boils down to "the internet works like it's actually supposed to again." NAT is not a security feature, it was never intended AS a security feature, and the "security" it provides is an unintentional side-effect of broken basic functionality.