News / USA

US Government Warns of Hack Threat to Network Gear

x
Reuters
The U.S. Department of Homeland Security urged computer users on Tuesday to disable a common networking technology feature, after researchers warned that hackers could exploit flaws to gain access to tens of millions of vulnerable devices.
       
The U.S. government's Computer Emergency Readiness Team, on its website, advised consumers and businesses to disable a feature known as Universal Plug and Play or UPnP, and some other related features that make devices from computers to printers accessible over the open Internet.
       
UPnP, a communications protocol, is designed to let networks identify and communicate with equipment, reducing the amount of work it takes to set up networks. Dave Marcus, chief architect of advanced research and threat intelligence with Intel's McAfee unit, said hackers would have a ``field day'' once the vulnerability in network devices is exposed.
       
"Historically, these are amongst the last to be updated and protected properly which makes them a gold mine for potential abuse and exploitation,'' said Marcus, who advises government agencies and corporations on protections against sophisticated attacks.
       
Disabling UPnP once networks have already been set up, will have little impact on the operation of the devices.
       
The new security bugs were initially brought to the attention of the government by computer security company Rapid7, in Boston, which released a report on the problem on Tuesday.

The company said it discovered between 40 million and 50 million devices that were vulnerable to attack due to three separate sets of problems that the firm's researchers have identified with the UPnP standard.
       
The flaws could allow hackers to access confidential files, steal passwords, take full control over PCs as well as remotely access devices such as webcams, printers and security systems, according to Rapid7.
    
Rapid7 has alerted electronics makers about the problem through the CERT Coordination Center, a group at the Carnegie Mellon Software Engineering Institute that helps researchers report vulnerabilities to affected companies.
      
"This is the most pervasive bug I've ever seen,'' said HD Moore, chief technology officer for Rapid7. He discussed the research with Reuters late on Monday.
       
CERT in turn has tried to contact the more than 200 companies whose products Rapid7 have identified as being vulnerable to attack, including Belkin, D-Link, Cisco Systems Inc's Linksys division and Netgear.

Linksys said it is aware of the problem. ``We recommend Linksys customers visit our website to understand if their home router is affected, and learn how to disable UPnP through the user interface to avoid being impacted,'' Linksys said in a statement.
       
Belkin, D-Link and Netgear did not respond to requests for comment.

Chris Wysopal, chief technology officer of security software firm Veracode, said he believed that publication of Rapid7's findings would draw widespread attention to the still emerging area of UPnP security, prompting other security researchers to search for more bugs in UPnP.
       
"This definitely falls into the scary category,'' said Wysopal, who reviewed Rapid7's findings ahead of their publication. "There is going to be a lot more research on this. And the follow-on research could be a lot scarier.''
       
Andres Andreu, chief architect at networking security company Bayshore Networks said they expect an increase in cybercrime as hackers begin to figure out ways to take advantage of the newly identified vulnerabilities.
       
"Simple targets such as home routers now become targets of greater interest,'' he said.

Taking Control
       
Moore said that there were bugs in most of the devices that Rapid7 tested and that device manufacturers will need to release software updates to remedy the problems.
       
He said that was unlikely to happen quickly.
       
In the meantime, he advised computer users to quickly use a free tool released by Rapid7 to identify vulnerable gear, then disable the UPnP functionality in that equipment.
       
Moore said hackers have not widely exploited the UPnP vulnerabilities to launch attacks, but both Moore and Wysopal expected they may start to do so after the findings are publicized.
       
Still, Moore said he decided to disclose the flaws in a bid to pressure equipment makers to fix the bugs and generally pay more attention to security.
       
People who own devices with UPnP enabled may not be aware of it because new routers, printers, media servers, Web cameras, storage drives and ``smart'' or Web-connected TVs are often shipped with that functionality turned on by default.
       
"You can't stay silent about something like this,'' he said. "These devices seem to have had the same level of core security for decades. Nobody seems to really care about them.''

Veracode's Wysopal said that some hackers have likely already exploited the flaws to launch attacks, but in relatively small numbers, choosing victims one at a time.
       
"If they are going after executives and government officials, then they will probably look for their home networks and exploit this vulnerability,'' he said.
       
Rapid7 has released a tool to help identify those devices on its website.

You May Like

On Everest, Helicopters Rescue Stranded Climbers

Choppers transport some of more than 100 mountaineers trapped after deadly quake, avalanches More

Video Ten Years After Riots, France Searches for Answers to Neglected Suburbs

In 2005, a Paris suburb exploded into violence after two teenagers were electrocuted as they hid from police; since then, somethings have changed, others not More

US, Japan Announce Historic Revision of Defense Cooperation Guidelines

Nations say new guidelines will be 'cornerstone for peace and security' in Asia-Pacific region while also serving as 'platform for a more stable international security environment' More

Featured Videos

Your JavaScript is turned off or you have an old version of Adobe's Flash Player. Get the latest Flash player.
‘Angel of the Migrants’ Helps Desperate Syrians Arriving in Europei
X
Henry Ridgwell
April 26, 2015 10:36 PM
Waves of migrants are continuing to arrive on the shores of southern Italy from North Africa. After their dangerous journey across the Mediterranean, they face an unknown future in Europe. In the Sicilian city of Catania there is an activist dedicated to helping the refugees on their journey.
Video

Video ‘Angel of the Migrants’ Helps Desperate Syrians Arriving in Europe

Waves of migrants are continuing to arrive on the shores of southern Italy from North Africa. After their dangerous journey across the Mediterranean, they face an unknown future in Europe. In the Sicilian city of Catania there is an activist dedicated to helping the refugees on their journey.
Video

Video Ten Years After Riots, France Searches for Answers to Neglected Suburbs

January’s terrorist attacks and fears of more to come are casting a spotlight on France’s neglected suburbs. Home to many immigrants, and sometimes hubs of crime, they were rocked by rioting a decade ago. Lisa Bryant visited the Paris suburb of Clichy-sous-Bois, where the 2005 violence first broke out, and has this report about what has changed and what has not.
Video

Video Gay Marriage Goes Before US Supreme Court

This week, the U.S. Supreme Court will hear arguments on whether gay people have a constitutional right to marriage. VOA’s Michael Bowman reports, the case could lead to the nationwide legalization of same-sex marriage, or a continuation of the status quo in which individual states decide whether to recognize gay unions.
Video

Video Study: Insecticide Damaging Wild Bee Populations

A popular but controversial type of insecticide is damaging important wild bee populations, according to a new study. VOA’s Steve Baragona has more.
Video

Video Data Servers Could Heat Private Homes

As every computer owner knows, when their machines run a complex program they get pretty hot. In fact, cooling the processors can be expensive, especially when you're dealing with huge banks of computer servers. But what if that energy could heat private homes? VOA’s George Putic reports that a Dutch energy firm aims to do just that.
Video

Video Cinema That Crosses Borders Showcased at Tribeca Film Festival

Among the nearly 100 feature length films being shown at this year’s Tribeca Film Festival in New York City are more than 20 documentaries and features with international appeal, from a film about a Congolese businessman in China, to documentaries shot in Pakistan and diaspora communities in the U.S., to a poetic look at disaffected South African youth. VOA’s Carolyn Weaver has more.
Video

Video UN Confronts Threat of Young Radicals

The radicalization and recruitment of young people into Islamist extremist groups has become a growing challenge for governments worldwide. On Thursday, the U.N. Security Council heard from experts on the issue, which has become a potent threat to international peace and security. VOA’s Margaret Besheer reports.
Video

Video Growing Numbers of Turks Discover Armenian Ancestry

In a climate of improved tolerance, growing numbers of people in Turkey are discovering their grandmothers were Armenian. Hundreds of thousands of Armenians escaped the mass deportations and slaughter of the early 1900's by forced conversion to Islam. Or, Armenian children were taken in by Turkish families and assimilated. Now their stories are increasingly being heard. Dorian Jones reports from Istanbul that the revelations are viewed as an important step.
Video

Video Migrants Trek Through Western Balkans to Reach EU

Migrants from Africa and other places are finding different routes into the European Union in search of a better life. The Associated Press followed one clandestine group to document their trek through the western Balkans to Hungary. Zlatica Hoke reports that the migrants started using that route about four years ago. Since then, it has become the second-most popular path into Western Europe, after the option of sailing from North Africa to Italy.
Video

Video US Businesses See Cuba as New Frontier

The Obama administration's opening toward Cuba is giving U.S. companies hope they'll be able to do business in Cuba despite the continuation of the U.S. economic embargo against the communist nation. Some American companies have been able to export some products to Cuba, but the recent lifting of Cuba's terrorism designation could relax other restrictions. As VOA's Daniela Schrier reports, corporate heavy hitters are lining up to head across the Florida Straits - though experts urge caution.
Video

Video Kenya Launches Police Recruitment Drive After Terror Attacks

Kenya launched a major police recruitment drive this week as part of a large-scale effort to boost security following a recent spate of terror attacks. VOA’s Gabe Joselow reports that allegations of corruption in the process are raising old concerns about the integrity of Kenya’s security forces.
Video

Video Japan, China in Race for Asia High-Speed Rail Projects

A lucrative competition is underway in Asia for billions of dollars in high-speed rail projects. Cambodia, India, Indonesia, Malaysia Thailand and Vietnam are among the countries planning to move onto the fast track. They are negotiating with Japan and the upstart Chinese who are locked in a duel to revolutionize transportation across Asia. VOA Correspondent Steve Herman in Bangkok has details.
Video

Video Scientists: Mosquitoes Attracted By Our Genes

Some people always seem to get bitten by mosquitoes more than others. Now, scientists have proved that is really the case - and they say it’s all because of genes. It’s hoped the research might lead to new preventative treatments for diseases like malaria, as Henry Ridgwell reports from London.
Video

Video Bible Museum Coming to Washington DC

Washington is the center of American political power and also home to some of the nation’s most visited museums. A new one that will showcase the Bible has skeptics questioning the motives of its conservative Christian funders. VOA religion correspondent Jerome Socolovsky reports.
Video

Video Afghan First Lady Pledges No Roll Back on Women's Rights

Afghan First Lady Rula Ghani, named one of Time's 100 Most Influential, says women should take part in talks with Taliban. VOA's Rokhsar Azamee has more from Kabul.

VOA Blogs