1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

News US CERT warns of serious UPnP router vulnerability

Discussion in 'Article Discussion' started by Gareth Halfacree, 30 Jan 2013.

  1. Gareth Halfacree

    Gareth Halfacree WIIGII! Staff Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    12,992
    Likes Received:
    2,118
  2. greigaitken

    greigaitken Member

    Joined:
    26 Aug 2009
    Posts:
    403
    Likes Received:
    4
    I was hoping to wake to "googe launches new monster graphics card that indexes web when not in use - therefore free for everyone" instead, i got "your router might be helping the baddies"
     
  3. ShinyAli

    ShinyAli New Member

    Joined:
    14 Sep 2012
    Posts:
    288
    Likes Received:
    9
    Comments on the white paper:

    "Exploit checker released with this article requires JAVA to be installed on the computer.... but we already deleted Java per recommendations of exploitable flaws"...:rolleyes:

    Why has this taken so long to be made so public is it because so much tech is now connectable using UPnP, everything from phones to smart TV's (Oh no, has google been tracking what TV programs I watch :worried:) use it as most people are not going to be port forwarding their routers to allow these devices internet access.

    From what I have been reading on this subject IT Admins never allow UPnP anyway as they are obviously aware of the vulnerability so it's mainly home users and the ports UPnP uses (UDP port 1900 and TCP port 2869) are not common ports which you would have open to the internet anyway.

    With so many machines seemingly vulnerable why has this exploit not been used more or have people just not realized that it has been used? Surely if it was so easy to access a machine via UPnP then hackers would use this method rather than trying to get malware on PC's which can then often open ports and allow access?

    The fact that UPnP remains active even when apparently disabled in some routers is a concern so might be worth doing a port check at "Shields Up" to confirm that the ports are closed after being disabled in your router.
     
  4. ShinyAli

    ShinyAli New Member

    Joined:
    14 Sep 2012
    Posts:
    288
    Likes Received:
    9
    Strange, any mention of peoples privacy/info having been compromised by the likes of google, accidentaly or intentionally, and the stuff hits the fan but when a truly dangerous exploit/vulnerabilty is proven to exist in tens of million of PC's/routers hardly anyone has anything to say on the matter, guess we all need a big "evil" name to blame these days :lol:
     
  5. l3v1ck

    l3v1ck Fueling the world, one oil well at a time.

    Joined:
    23 Apr 2009
    Posts:
    12,945
    Likes Received:
    17
    Gibson research have been banging on about uPnP years on their website for years. I'm surprised the US government (of all people) has taken this long to realise its potential security thread.
     
  6. ShinyAli

    ShinyAli New Member

    Joined:
    14 Sep 2012
    Posts:
    288
    Likes Received:
    9
    Yes they have I forgot to mention that when I recommended a port check at Shields Up which I have been using/reading for years:duh:
     
  7. jb0

    jb0 Active Member

    Joined:
    8 Apr 2012
    Posts:
    507
    Likes Received:
    72
    I'm amused that the "security threat" boils down to "the internet works like it's actually supposed to again."

    NAT is not a security feature, it was never intended AS a security feature, and the "security" it provides is an unintentional side-effect of broken basic functionality.
     

Share This Page