News / USA

    US Government Warns of Hack Threat to Network Gear

    x
    Reuters
    The U.S. Department of Homeland Security urged computer users on Tuesday to disable a common networking technology feature, after researchers warned that hackers could exploit flaws to gain access to tens of millions of vulnerable devices.
           
    The U.S. government's Computer Emergency Readiness Team, on its website, advised consumers and businesses to disable a feature known as Universal Plug and Play or UPnP, and some other related features that make devices from computers to printers accessible over the open Internet.
           
    UPnP, a communications protocol, is designed to let networks identify and communicate with equipment, reducing the amount of work it takes to set up networks. Dave Marcus, chief architect of advanced research and threat intelligence with Intel's McAfee unit, said hackers would have a ``field day'' once the vulnerability in network devices is exposed.
           
    "Historically, these are amongst the last to be updated and protected properly which makes them a gold mine for potential abuse and exploitation,'' said Marcus, who advises government agencies and corporations on protections against sophisticated attacks.
           
    Disabling UPnP once networks have already been set up, will have little impact on the operation of the devices.
           
    The new security bugs were initially brought to the attention of the government by computer security company Rapid7, in Boston, which released a report on the problem on Tuesday.

    The company said it discovered between 40 million and 50 million devices that were vulnerable to attack due to three separate sets of problems that the firm's researchers have identified with the UPnP standard.
           
    The flaws could allow hackers to access confidential files, steal passwords, take full control over PCs as well as remotely access devices such as webcams, printers and security systems, according to Rapid7.
        
    Rapid7 has alerted electronics makers about the problem through the CERT Coordination Center, a group at the Carnegie Mellon Software Engineering Institute that helps researchers report vulnerabilities to affected companies.
          
    "This is the most pervasive bug I've ever seen,'' said HD Moore, chief technology officer for Rapid7. He discussed the research with Reuters late on Monday.
           
    CERT in turn has tried to contact the more than 200 companies whose products Rapid7 have identified as being vulnerable to attack, including Belkin, D-Link, Cisco Systems Inc's Linksys division and Netgear.

    Linksys said it is aware of the problem. ``We recommend Linksys customers visit our website to understand if their home router is affected, and learn how to disable UPnP through the user interface to avoid being impacted,'' Linksys said in a statement.
           
    Belkin, D-Link and Netgear did not respond to requests for comment.

    Chris Wysopal, chief technology officer of security software firm Veracode, said he believed that publication of Rapid7's findings would draw widespread attention to the still emerging area of UPnP security, prompting other security researchers to search for more bugs in UPnP.
           
    "This definitely falls into the scary category,'' said Wysopal, who reviewed Rapid7's findings ahead of their publication. "There is going to be a lot more research on this. And the follow-on research could be a lot scarier.''
           
    Andres Andreu, chief architect at networking security company Bayshore Networks said they expect an increase in cybercrime as hackers begin to figure out ways to take advantage of the newly identified vulnerabilities.
           
    "Simple targets such as home routers now become targets of greater interest,'' he said.

    Taking Control
           
    Moore said that there were bugs in most of the devices that Rapid7 tested and that device manufacturers will need to release software updates to remedy the problems.
           
    He said that was unlikely to happen quickly.
           
    In the meantime, he advised computer users to quickly use a free tool released by Rapid7 to identify vulnerable gear, then disable the UPnP functionality in that equipment.
           
    Moore said hackers have not widely exploited the UPnP vulnerabilities to launch attacks, but both Moore and Wysopal expected they may start to do so after the findings are publicized.
           
    Still, Moore said he decided to disclose the flaws in a bid to pressure equipment makers to fix the bugs and generally pay more attention to security.
           
    People who own devices with UPnP enabled may not be aware of it because new routers, printers, media servers, Web cameras, storage drives and ``smart'' or Web-connected TVs are often shipped with that functionality turned on by default.
           
    "You can't stay silent about something like this,'' he said. "These devices seem to have had the same level of core security for decades. Nobody seems to really care about them.''

    Veracode's Wysopal said that some hackers have likely already exploited the flaws to launch attacks, but in relatively small numbers, choosing victims one at a time.
           
    "If they are going after executives and government officials, then they will probably look for their home networks and exploit this vulnerability,'' he said.
           
    Rapid7 has released a tool to help identify those devices on its website.

    You May Like

    Video Rubio Looks to Surge in New Hampshire

    Republican presidential candidate has moved into second place in several recent surveys and appears to be gaining ground on longtime frontrunner Donald Trump

    UN Calls for Global Ban on Female Genital Mutilation

    Recent UNICEF report finds at least 200 million girls and women alive today have undergone female genital mutilation in 30 countries

    UN Pilots New Peace Approach in CAR

    Approach launched in northern town of Kaga Bandoro, where former combatants of mainly Muslim Seleka armed group and Christian and animist anti-Balaka movement are being paid to do community work

    Featured Videos

    Your JavaScript is turned off or you have an old version of Adobe's Flash Player. Get the latest Flash player.
    German Artists to Memorialize Refugees With Life Jacket Exhibiti
    X
    Hamada Elsaram
    February 05, 2016 4:30 PM
    Sold in every kind of shop in some Turkish port towns, life jackets have become a symbol of the refugee crisis that brought a million people to Europe in 2015.  On the shores of Lesbos, Greece, German artists collect discarded life jackets as they prepare an art installation they plan to display in Germany.  For VOA, Hamada Elrasam has this report from Lesbos, Greece.
    Video

    Video German Artists to Memorialize Refugees With Life Jacket Exhibit

    Sold in every kind of shop in some Turkish port towns, life jackets have become a symbol of the refugee crisis that brought a million people to Europe in 2015.  On the shores of Lesbos, Greece, German artists collect discarded life jackets as they prepare an art installation they plan to display in Germany.  For VOA, Hamada Elrasam has this report from Lesbos, Greece.
    Video

    Video E-readers Help Ease Africa's Book Shortage

    Millions of people in Africa can't read, and there's a chronic shortage of books. A non-profit organization called Worldreader is trying to help change all that one e-reader at a time. VOA’s Deborah Block tells us about a girls' school in Nairobi, Kenya where Worldreader is making a difference.
    Video

    Video Genius Lets World Share Its Knowledge

    Inspired by crowdsourcing companies like Wikipedia, Genius allows anyone to edit anything on the web, using its web annotation tool
    Video

    Video Former Drug CEO Martin Shkreli Angers US Lawmakers

    A former U.S. pharmaceutical business executive has angered lawmakers by refusing to explain why he raised the price of a life-saving pill by 5,000 percent. Martin Shkreli was removed from a congressional hearing on Thursday after citing his Fifth Amendment right to stay silent. Zlatica Hoke has more.
    Video

    Video Super Bowl TV Commercials are Super Business for Advertisers

    The Super Bowl, the championship clash between the two top teams in American Football, is the most-watched sporting event of the year, and advertisers are lining up and paying big bucks to get their commercials on the air. In fact, the TV commercials during the Super Bowl have become one of the most anticipated and popular features of the event. VOA's Brian Allen has a sneak peek of what you can expect to see when the big game goes to commercial break, and the real entertainment begins.
    Video

    Video In Philippines, Mixed Feelings About Greater US Military Presence

    In the Philippines, some who will be directly affected by a recent Supreme Court decision clearing the way for more United States troop visits are having mixed reactions.  The increased rotations come at a time when the Philippines is trying to build up its military in the face of growing maritime assertiveness from China.  From Bahile, Palawan on the coast of the South China Sea, Simone Orendain has this story.
    Video

    Video Microcephaly's Connection to Zika: Guilty Until Proven Innocent

    The Zika virus rarely causes problems for the people who get it, but it seems to be having a devastating impact on babies whose mothers are infected with Zika. VOA's Carol Pearson has more.
    Video

    Video Solar Innovation Provides Cheap, Clean Energy to Kenya Residents

    In Kenya, a company called M-Kopa Solar is providing clean energy to more than 300,000 homes across East Africa by allowing customers to "pay-as-you-go" via their cell phones. As Lenny Ruvaga reports from Kangemi, customers pay a small deposit for a solar unit and then pay less than a dollar a day to get clean energy to light up their homes or businesses.
    Video

    Video Stunning Artworks Attract Record Crowds, Thanks to Social Media

    A new exhibit at the oldest art museum in America is shattering attendance records. Thousands of visitors are lining up to see nine giant works of art that have gotten a much-deserved shot of viral marketing. The 150-year-old Smithsonian American Art Museum has never had a response quite like this. VOA's Julie Taboh reports.
    Video

    Video Apprenticeships Put Americans on Path Back to Work

    Trying to get more people into the U.S. workforce, the Obama administration last year announced $175 million in grants towards apprenticeship programs. VOA White House correspondent Aru Pande went inside one training center outside of Washington that has gained national recognition for helping put people on the path to employment.
    Video

    Video New Material May Reduce Concussion Effects

    As the 2016 National Football League season reaches its summit at the Super Bowl this coming Sunday (2/7), scientists are trying to learn how to more effectively protect football players from dangerous and damaging concussions. Researchers at Cardiff and Cambridge Universities say their origami-based material may solve the problem. VOA’s George Putic reports.
    Video

    Video Saudi Arabian Women's Sports Chip Away at Stereotypes

    Saudi Arabian female athletes say that sports are on the front line of busting traditions that quash women’s voices, both locally and internationally. In their hometown of Jeddah, a group of basketball players say that by connecting sports to health issues, they are encouraging women and girls to get out of their homes and participate in public life. VOA’s Heather Murdock reports.
    Video

    Video A Year Later, Fortunes Mixed for Syrians Forging New Lives in Berlin

    In April of last year, VOA followed the progress of six young Syrian refugees -- four brothers and their two friends -- as they made their way from Libya to Italy by boat, and eventually to Germany. Reporter Henry Ridgwell caught up with the refugees again in Berlin, as they struggle to forge new lives amid the turmoil of Europe's refugee crisis.
    Video

    Video Zika Virus May be Hard to Stop

    With the Zika virus spreading rapidly, the World Health Organization Monday declared Zika a global health emergency. As Alberto Pimienta reports, for many governments and experts, the worst is yet to come.