
US Government Warns of Hack Threat to Network Gear

Reuters
The U.S. Department of Homeland Security urged computer users on Tuesday to disable a common networking technology feature, after researchers warned that hackers could exploit flaws to gain access to tens of millions of vulnerable devices.
       
The U.S. government's Computer Emergency Readiness Team, on its website, advised consumers and businesses to disable a feature known as Universal Plug and Play or UPnP, and some other related features that make devices from computers to printers accessible over the open Internet.
       
UPnP, a communications protocol, is designed to let networks identify and communicate with equipment, reducing the amount of work it takes to set up networks. Dave Marcus, chief architect of advanced research and threat intelligence with Intel's McAfee unit, said hackers would have a "field day" once the vulnerability in network devices is exposed.
       
"Historically, these are amongst the last to be updated and protected properly which makes them a gold mine for potential abuse and exploitation," said Marcus, who advises government agencies and corporations on protections against sophisticated attacks.
       
Disabling UPnP once networks have already been set up will have little impact on the operation of the devices.
       
The new security bugs were initially brought to the attention of the government by computer security company Rapid7, in Boston, which released a report on the problem on Tuesday.

The company said it discovered between 40 million and 50 million devices that were vulnerable to attack due to three separate sets of problems that the firm's researchers have identified with the UPnP standard.
       
The flaws could allow hackers to access confidential files, steal passwords, take full control over PCs as well as remotely access devices such as webcams, printers and security systems, according to Rapid7.
    
Rapid7 has alerted electronics makers about the problem through the CERT Coordination Center, a group at the Carnegie Mellon Software Engineering Institute that helps researchers report vulnerabilities to affected companies.
      
"This is the most pervasive bug I've ever seen," said HD Moore, chief technology officer for Rapid7. He discussed the research with Reuters late on Monday.
       
CERT in turn has tried to contact the more than 200 companies whose products Rapid7 has identified as being vulnerable to attack, including Belkin, D-Link, Cisco Systems Inc's Linksys division and Netgear.

Linksys said it is aware of the problem. "We recommend Linksys customers visit our website to understand if their home router is affected, and learn how to disable UPnP through the user interface to avoid being impacted," Linksys said in a statement.
       
Belkin, D-Link and Netgear did not respond to requests for comment.

Chris Wysopal, chief technology officer of security software firm Veracode, said he believed that publication of Rapid7's findings would draw widespread attention to the still emerging area of UPnP security, prompting other security researchers to search for more bugs in UPnP.
       
"This definitely falls into the scary category," said Wysopal, who reviewed Rapid7's findings ahead of their publication. "There is going to be a lot more research on this. And the follow-on research could be a lot scarier."
       
Andres Andreu, chief architect at networking security company Bayshore Networks, said they expect an increase in cybercrime as hackers begin to figure out ways to take advantage of the newly identified vulnerabilities.
       
"Simple targets such as home routers now become targets of greater interest," he said.

Taking Control
       
Moore said that there were bugs in most of the devices that Rapid7 tested and that device manufacturers will need to release software updates to remedy the problems.
       
He said that was unlikely to happen quickly.
       
In the meantime, he advised computer users to quickly use a free tool released by Rapid7 to identify vulnerable gear, then disable the UPnP functionality in that equipment.
       
Moore said hackers have not widely exploited the UPnP vulnerabilities to launch attacks, but both Moore and Wysopal expected they may start to do so after the findings are publicized.
       
Still, Moore said he decided to disclose the flaws in a bid to pressure equipment makers to fix the bugs and generally pay more attention to security.
       
People who own devices with UPnP enabled may not be aware of it because new routers, printers, media servers, Web cameras, storage drives and "smart" or Web-connected TVs are often shipped with that functionality turned on by default.
       
"You can't stay silent about something like this," he said. "These devices seem to have had the same level of core security for decades. Nobody seems to really care about them."

Veracode's Wysopal said that some hackers have likely already exploited the flaws to launch attacks, but in relatively small numbers, choosing victims one at a time.
       
"If they are going after executives and government officials, then they will probably look for their home networks and exploit this vulnerability," he said.
       
Rapid7 has released a tool to help identify those devices on its website.
