News / USA

US Government Warns of Hack Threat to Network Gear

x
Reuters
The U.S. Department of Homeland Security urged computer users on Tuesday to disable a common networking technology feature, after researchers warned that hackers could exploit flaws to gain access to tens of millions of vulnerable devices.
       
The U.S. government's Computer Emergency Readiness Team, on its website, advised consumers and businesses to disable a feature known as Universal Plug and Play or UPnP, and some other related features that make devices from computers to printers accessible over the open Internet.
       
UPnP, a communications protocol, is designed to let networks identify and communicate with equipment, reducing the amount of work it takes to set up networks. Dave Marcus, chief architect of advanced research and threat intelligence with Intel's McAfee unit, said hackers would have a ``field day'' once the vulnerability in network devices is exposed.
       
"Historically, these are amongst the last to be updated and protected properly which makes them a gold mine for potential abuse and exploitation,'' said Marcus, who advises government agencies and corporations on protections against sophisticated attacks.
       
Disabling UPnP once networks have already been set up, will have little impact on the operation of the devices.
       
The new security bugs were initially brought to the attention of the government by computer security company Rapid7, in Boston, which released a report on the problem on Tuesday.

The company said it discovered between 40 million and 50 million devices that were vulnerable to attack due to three separate sets of problems that the firm's researchers have identified with the UPnP standard.
       
The flaws could allow hackers to access confidential files, steal passwords, take full control over PCs as well as remotely access devices such as webcams, printers and security systems, according to Rapid7.
    
Rapid7 has alerted electronics makers about the problem through the CERT Coordination Center, a group at the Carnegie Mellon Software Engineering Institute that helps researchers report vulnerabilities to affected companies.
      
"This is the most pervasive bug I've ever seen,'' said HD Moore, chief technology officer for Rapid7. He discussed the research with Reuters late on Monday.
       
CERT in turn has tried to contact the more than 200 companies whose products Rapid7 have identified as being vulnerable to attack, including Belkin, D-Link, Cisco Systems Inc's Linksys division and Netgear.

Linksys said it is aware of the problem. ``We recommend Linksys customers visit our website to understand if their home router is affected, and learn how to disable UPnP through the user interface to avoid being impacted,'' Linksys said in a statement.
       
Belkin, D-Link and Netgear did not respond to requests for comment.

Chris Wysopal, chief technology officer of security software firm Veracode, said he believed that publication of Rapid7's findings would draw widespread attention to the still emerging area of UPnP security, prompting other security researchers to search for more bugs in UPnP.
       
"This definitely falls into the scary category,'' said Wysopal, who reviewed Rapid7's findings ahead of their publication. "There is going to be a lot more research on this. And the follow-on research could be a lot scarier.''
       
Andres Andreu, chief architect at networking security company Bayshore Networks said they expect an increase in cybercrime as hackers begin to figure out ways to take advantage of the newly identified vulnerabilities.
       
"Simple targets such as home routers now become targets of greater interest,'' he said.

Taking Control
       
Moore said that there were bugs in most of the devices that Rapid7 tested and that device manufacturers will need to release software updates to remedy the problems.
       
He said that was unlikely to happen quickly.
       
In the meantime, he advised computer users to quickly use a free tool released by Rapid7 to identify vulnerable gear, then disable the UPnP functionality in that equipment.
       
Moore said hackers have not widely exploited the UPnP vulnerabilities to launch attacks, but both Moore and Wysopal expected they may start to do so after the findings are publicized.
       
Still, Moore said he decided to disclose the flaws in a bid to pressure equipment makers to fix the bugs and generally pay more attention to security.
       
People who own devices with UPnP enabled may not be aware of it because new routers, printers, media servers, Web cameras, storage drives and ``smart'' or Web-connected TVs are often shipped with that functionality turned on by default.
       
"You can't stay silent about something like this,'' he said. "These devices seem to have had the same level of core security for decades. Nobody seems to really care about them.''

Veracode's Wysopal said that some hackers have likely already exploited the flaws to launch attacks, but in relatively small numbers, choosing victims one at a time.
       
"If they are going after executives and government officials, then they will probably look for their home networks and exploit this vulnerability,'' he said.
       
Rapid7 has released a tool to help identify those devices on its website.

You May Like

Hong Kong Democracy Calls Spread to Macau

Macau and Hong Kong are China’s two 'special administrative regions' which gives them a measure of autonomy More

After Nearly 2 Years, Pistorius Remains Elusive

Reporter Anita Powell reflects on her experience covering the Olympic athlete's murder trial More

Kenyan Coastal Town Struggles With Deadly June Attacks

Three months after al-Shabab militants allegedly attacked their town, some Mpeketoni residents are still bitter, question who was really behind the assaults More

Featured Videos

Your JavaScript is turned off or you have an old version of Adobe's Flash Player. Get the latest Flash player.
Obama to Ramp Up Anti-Ebola Efforts in Africai
X
Luis Ramirez
September 15, 2014 11:01 PM
President Barack Obama on Tuesday will unveil his plan to ramp up efforts against the spread of the Ebola virus in Africa. VOA White House Correspondent Luis Ramirez reports.
Video

Video Obama to Ramp Up Anti-Ebola Efforts in Africa

President Barack Obama on Tuesday will unveil his plan to ramp up efforts against the spread of the Ebola virus in Africa. VOA White House Correspondent Luis Ramirez reports.
Video

Video West Trades Accusations Over Ransoms

As world leaders try to forge a common response to the threat posed by Islamic State militants in Iraq and Syria, there is simmering tension over differing policies on paying ransoms. In the past month, the jihadist group has beheaded two Americans and one Briton. Both countries refuse to pay ransom money. As Henry Ridgwell reports for VOA from London, there is uncertainty in the approach of some other European nations.
Video

Video Scotland Independence Bid Stokes Global Interest

The people of Scotland are preparing to vote on whether to become independent and break away from the rest of Britain, in a referendum being watched carefully in many other countries. Some see it as a risky experiment; while others hope a successful vote for independence might energize their own separatist demands. Foreign immigrants to Scotland have a front row seat for the vote. VOA’s Henry Ridgwell spoke to some of them in Edinburgh.
Video

Video Washington DC Mural Artists Help Beautify City

Like many cities, Washington has a graffiti problem. Buildings and homes, especially in low-income neighborhoods, are often targets of illegal artwork. But as we hear from VOA’s Julie Taboh, officials in the nation's capital have come up with an innovative program that uses the talents of local artists to beautify the city.
Video

Video US Muslim Leaders Condemn Islamic State

Leaders of America's Muslim community are condemning the violent extremism of the Islamic State group in Iraq and Syria. The U.S. Muslim leaders say militants are exploiting their faith in a failed effort to justify violent extremism. VOA correspondent Meredith Buel reports.
Video

Video Americans' Reaction Mixed on Obama Strategy for Islamic State Militants

President Barack Obama’s televised speech on how the United States plans to “degrade and destroy” the group known as the Islamic State reached a prime-time audience of millions. And it came as Americans appear more willing to embrace a bolder, tougher approach to foreign policy. VOA producer Katherine Gypson and reporter Jeff Seldin have this report from Washington.
Video

Video Authorities Allege LA Fashion Industry-Cartel Ties

U.S. officials say they have broken up crime rings that funneled tens of millions of dollars from Mexican drug cartels through fashion businesses in Los Angeles. Mike O'Sullivan reports that authorities announced nine arrests, as 1,000 law enforcement agents fanned out through the city on Wednesday.
Video

Video Bedouin Woman Runs Successful Business in Palestinian City

A Bedouin woman is breaking social taboos by running a successful vacation resort in the Palestinian town of Jericho. Bedouins are a sub-group of Arabs known for their semi-nomadic lifestyle. Zlatica Hoke says the resort in the West Bank's Jordan Valley is a model of success for women in the region.


Carnage and mayhem are part of daily life in northern Nigeria, the result of a terror campaign by the Islamist group Boko Haram. Fears are growing that Nigeria’s government may not know how to counter it, and may be making things worse. More

AppleAndroid