News / USA

US Government Warns of Hack Threat to Network Gear

x
Reuters
The U.S. Department of Homeland Security urged computer users on Tuesday to disable a common networking technology feature, after researchers warned that hackers could exploit flaws to gain access to tens of millions of vulnerable devices.
       
The U.S. government's Computer Emergency Readiness Team, on its website, advised consumers and businesses to disable a feature known as Universal Plug and Play or UPnP, and some other related features that make devices from computers to printers accessible over the open Internet.
       
UPnP, a communications protocol, is designed to let networks identify and communicate with equipment, reducing the amount of work it takes to set up networks. Dave Marcus, chief architect of advanced research and threat intelligence with Intel's McAfee unit, said hackers would have a ``field day'' once the vulnerability in network devices is exposed.
       
"Historically, these are amongst the last to be updated and protected properly which makes them a gold mine for potential abuse and exploitation,'' said Marcus, who advises government agencies and corporations on protections against sophisticated attacks.
       
Disabling UPnP once networks have already been set up, will have little impact on the operation of the devices.
       
The new security bugs were initially brought to the attention of the government by computer security company Rapid7, in Boston, which released a report on the problem on Tuesday.

The company said it discovered between 40 million and 50 million devices that were vulnerable to attack due to three separate sets of problems that the firm's researchers have identified with the UPnP standard.
       
The flaws could allow hackers to access confidential files, steal passwords, take full control over PCs as well as remotely access devices such as webcams, printers and security systems, according to Rapid7.
    
Rapid7 has alerted electronics makers about the problem through the CERT Coordination Center, a group at the Carnegie Mellon Software Engineering Institute that helps researchers report vulnerabilities to affected companies.
      
"This is the most pervasive bug I've ever seen,'' said HD Moore, chief technology officer for Rapid7. He discussed the research with Reuters late on Monday.
       
CERT in turn has tried to contact the more than 200 companies whose products Rapid7 have identified as being vulnerable to attack, including Belkin, D-Link, Cisco Systems Inc's Linksys division and Netgear.

Linksys said it is aware of the problem. ``We recommend Linksys customers visit our website to understand if their home router is affected, and learn how to disable UPnP through the user interface to avoid being impacted,'' Linksys said in a statement.
       
Belkin, D-Link and Netgear did not respond to requests for comment.

Chris Wysopal, chief technology officer of security software firm Veracode, said he believed that publication of Rapid7's findings would draw widespread attention to the still emerging area of UPnP security, prompting other security researchers to search for more bugs in UPnP.
       
"This definitely falls into the scary category,'' said Wysopal, who reviewed Rapid7's findings ahead of their publication. "There is going to be a lot more research on this. And the follow-on research could be a lot scarier.''
       
Andres Andreu, chief architect at networking security company Bayshore Networks said they expect an increase in cybercrime as hackers begin to figure out ways to take advantage of the newly identified vulnerabilities.
       
"Simple targets such as home routers now become targets of greater interest,'' he said.

Taking Control
       
Moore said that there were bugs in most of the devices that Rapid7 tested and that device manufacturers will need to release software updates to remedy the problems.
       
He said that was unlikely to happen quickly.
       
In the meantime, he advised computer users to quickly use a free tool released by Rapid7 to identify vulnerable gear, then disable the UPnP functionality in that equipment.
       
Moore said hackers have not widely exploited the UPnP vulnerabilities to launch attacks, but both Moore and Wysopal expected they may start to do so after the findings are publicized.
       
Still, Moore said he decided to disclose the flaws in a bid to pressure equipment makers to fix the bugs and generally pay more attention to security.
       
People who own devices with UPnP enabled may not be aware of it because new routers, printers, media servers, Web cameras, storage drives and ``smart'' or Web-connected TVs are often shipped with that functionality turned on by default.
       
"You can't stay silent about something like this,'' he said. "These devices seem to have had the same level of core security for decades. Nobody seems to really care about them.''

Veracode's Wysopal said that some hackers have likely already exploited the flaws to launch attacks, but in relatively small numbers, choosing victims one at a time.
       
"If they are going after executives and government officials, then they will probably look for their home networks and exploit this vulnerability,'' he said.
       
Rapid7 has released a tool to help identify those devices on its website.

You May Like

Yemen Brings US, Iran Closer to Naval Face-off

US sending two more ships to waters off coast of Yemen to take part in 'maritime security operations' More

Minorities Become Majority Across US

From 2000 to 2013, minorities became the majority in 78 counties in the United States. Here's where those demographic shifts are happening More

Japan's Maglev Train Breaks Own Speed Record

Seven-car 'magnetic levitation' train traveled at more than 600 kilometers per hour during test run Tuesday More

Featured Videos

Your JavaScript is turned off or you have an old version of Adobe's Flash Player. Get the latest Flash player.
New Brain Mapping Techniques Could Ease Chronic Paini
X
Shelley Schlender
April 20, 2015 7:03 PM
Pain has a purpose - it can stop you from touching a flame or from walking on a broken leg. As an injury heals, the pain goes away. Usually. But worldwide, one out of every five people suffers from pain that lasts for months and years, leading to lost jobs, depression, and rising despair when medical interventions fail or health experts hint that a pain sufferer is making it up. From Boulder, Colorado, Shelley Schlender reports that new methods for mapping pain in the brain are providing validation for chronic pain and might someday guide better treatment.
Video

Video New Brain Mapping Techniques Could Ease Chronic Pain

From Boulder, Colorado, Shelley Schlender reports that new methods for mapping pain in the brain are providing validation for chronic pain and might someday guide better treatment.
Video

Video Hope, Prayer Enter Fight Against S. Africa Xenophobia

South Africa has been swept by disturbing attacks on foreign nationals. Some blame the attacks on a legacy of colonialism, while others say the economy is to blame. Whatever the cause, ordinary South Africans - and South African residents from around the world - say they're praying for the siege of violence to end. Anita Powell reports from Johannesburg.
Video

Video Italy Rescues Migrants After Separate Deadly Capsize Incident

Italy continued its massive search and rescue operation in the Mediterranean Monday for the capsized boat off the coast of Libya that was carrying hundreds of migrants, while at the same time rescuing Syrian migrants from another vessel off the coast of Sicily. Thirteen children were among the 98 Syrian migrants whose boat originated from Turkey on the perilous journey to Europe.
Video

Video New Test Set to Be Game Changer in Eradicating Malaria

The World Health Organization estimates 3.4 billion people are at risk of malaria, with children under the age of five and pregnant women being the most vulnerable. As World Malaria Day approaches (April 25), mortality rates are falling, and a new test -- well into the last stage of trials -- is having positive results in Kenya. Lenny Ruvaga reports for VOA from Nairobi.
Video

Video Are Energy Needs Putting Thailand's Natural Beauty at Risk?

Thailand's appetite for more electricity has led to the construction of new dams along the Mekong River to the north and new coal plants near the country's famous beaches in the south. A proposed coal plant in a so-called "green zone" has touched off a debate. VOA's Steve Sandford reports.
Video

Video Overwhelmed by Migrants, Italy Mulls Military Action to Stabilize Libya

Thousands more migrants have arrived on the southern shores of Italy from North Africa in the past two days. Authorities say they expect the total number of arrivals this year to far exceed previous levels, and the government has said military action in Libya might be necessary to stem the flow. VOA's Henry Ridgwell reports.
Video

Video Putin Accuses Kyiv of ‘Cutting Off’ Eastern Ukraine

Russian President Vladimir Putin, in his annual televised call-in program, again denied there were any Russian troops fighting in Ukraine. He also said the West was trying to ‘contain’ Russia with sanctions. Henry Ridgwell reports on reactions to the president’s four-hour TV appearance.
Video

Video Eye Contact Secures Dog's Place in Human Heart

Dogs serve in the military, work with police and assist the disabled, and have been by our side for thousands of years serving as companions and loyal friends. We love them. They love us in return. VOA’s Rosanne Skirble reports on a new study that looks at the bio-chemical bond that cements that human-canine connection.
Video

Video Ukrainian Volunteers Search for Bodies of Missing Soldiers

As the cease-fire becomes more fragile in eastern Ukraine, a team of volunteer body collectors travels to the small village of Savur Mohyla in the what pro-Russian separatists call the Donetsk Peoples Republic - to retrieve bodies of fallen Ukrainian servicemen from rebel-held territories. Adam Bailes traveled with the team and has this report.
Video

Video Xenophobic Violence Sweeps South Africa

South Africa, long a haven for African immigrants, has been experiencing the worst xenophobic violence in years, with at least five people killed and hundreds displaced in recent weeks. From Johannesburg, VOA’s Anita Powell brings us this report.
Video

Video Apollo 13, NASA's 'Successful Failure,' Remembered

The Apollo 13 mission in 1970 was supposed to be NASA's third manned trip to the moon, but it became much more. On the flight's 45th anniversary, astronauts and flight directors gathered at Chicago's Adler Planetarium to talk about how the aborted mission changed manned spaceflight and continues to influence space exploration today. VOA’s Kane Farabaugh reports.
Video

Video Badly Burned Ukrainian Boy Bravely Fights Back

A 9-year-old Ukrainian boy has returned to his native country after intensive treatment in the United States for life-threatening burns. Volodia Bubela, burned in a house fire almost a year ago, battled back at a Boston hospital, impressing doctors with his bravery. Faith Lapidus narrates this report from VOA's Tetiana Kharchenko.
Video

Video US Maternity Leave Benefits Much Less Than Many Countries

It was almost 20 years ago that representatives of 189 countries met at a UN conference in Beijing and adopted a plan of action to achieve gender equality around the world. Now, two decades later, the University of California Los Angeles World Policy Analysis Center has issued a report examining what the Beijing Platform for Action has achieved. From Los Angeles, Elizabeth Lee has more.
Video

Video Endangered Hawaiian Birds Get Second Chance

Of the world's nearly 9,900 bird species, 13 percent are threatened with extinction, according to BirdLife International. Among them are two Hawaiian honeycreepers - tiny birds that live in the forest canopy, and, as the name implies, survive on nectar from tropical flowers. Scientists at the San Diego Zoo report they have managed to hatch half a dozen of their chicks in captivity, raising hopes that the birds will flutter back from the brink of extinction. VOA’s George Putic reports.
Video

Video Exhibit Brings Renaissance Master Out of the Shadows

The National Gallery of Art in Washington has raised the curtain on one of the most intriguing painters of the High Renaissance. Mostly ignored after his death in the early 1500s, Italian master Piero di Cosimo is now claiming his place alongside the best-known artists of the period. VOA’s Ardita Dunellari reports.

VOA Blogs