News / USA

    US Government Warns of Hack Threat to Network Gear

    x
    Reuters
    The U.S. Department of Homeland Security urged computer users on Tuesday to disable a common networking technology feature, after researchers warned that hackers could exploit flaws to gain access to tens of millions of vulnerable devices.
           
    The U.S. government's Computer Emergency Readiness Team, on its website, advised consumers and businesses to disable a feature known as Universal Plug and Play or UPnP, and some other related features that make devices from computers to printers accessible over the open Internet.
           
    UPnP, a communications protocol, is designed to let networks identify and communicate with equipment, reducing the amount of work it takes to set up networks. Dave Marcus, chief architect of advanced research and threat intelligence with Intel's McAfee unit, said hackers would have a ``field day'' once the vulnerability in network devices is exposed.
           
    "Historically, these are amongst the last to be updated and protected properly which makes them a gold mine for potential abuse and exploitation,'' said Marcus, who advises government agencies and corporations on protections against sophisticated attacks.
           
    Disabling UPnP once networks have already been set up, will have little impact on the operation of the devices.
           
    The new security bugs were initially brought to the attention of the government by computer security company Rapid7, in Boston, which released a report on the problem on Tuesday.

    The company said it discovered between 40 million and 50 million devices that were vulnerable to attack due to three separate sets of problems that the firm's researchers have identified with the UPnP standard.
           
    The flaws could allow hackers to access confidential files, steal passwords, take full control over PCs as well as remotely access devices such as webcams, printers and security systems, according to Rapid7.
        
    Rapid7 has alerted electronics makers about the problem through the CERT Coordination Center, a group at the Carnegie Mellon Software Engineering Institute that helps researchers report vulnerabilities to affected companies.
          
    "This is the most pervasive bug I've ever seen,'' said HD Moore, chief technology officer for Rapid7. He discussed the research with Reuters late on Monday.
           
    CERT in turn has tried to contact the more than 200 companies whose products Rapid7 have identified as being vulnerable to attack, including Belkin, D-Link, Cisco Systems Inc's Linksys division and Netgear.

    Linksys said it is aware of the problem. ``We recommend Linksys customers visit our website to understand if their home router is affected, and learn how to disable UPnP through the user interface to avoid being impacted,'' Linksys said in a statement.
           
    Belkin, D-Link and Netgear did not respond to requests for comment.

    Chris Wysopal, chief technology officer of security software firm Veracode, said he believed that publication of Rapid7's findings would draw widespread attention to the still emerging area of UPnP security, prompting other security researchers to search for more bugs in UPnP.
           
    "This definitely falls into the scary category,'' said Wysopal, who reviewed Rapid7's findings ahead of their publication. "There is going to be a lot more research on this. And the follow-on research could be a lot scarier.''
           
    Andres Andreu, chief architect at networking security company Bayshore Networks said they expect an increase in cybercrime as hackers begin to figure out ways to take advantage of the newly identified vulnerabilities.
           
    "Simple targets such as home routers now become targets of greater interest,'' he said.

    Taking Control
           
    Moore said that there were bugs in most of the devices that Rapid7 tested and that device manufacturers will need to release software updates to remedy the problems.
           
    He said that was unlikely to happen quickly.
           
    In the meantime, he advised computer users to quickly use a free tool released by Rapid7 to identify vulnerable gear, then disable the UPnP functionality in that equipment.
           
    Moore said hackers have not widely exploited the UPnP vulnerabilities to launch attacks, but both Moore and Wysopal expected they may start to do so after the findings are publicized.
           
    Still, Moore said he decided to disclose the flaws in a bid to pressure equipment makers to fix the bugs and generally pay more attention to security.
           
    People who own devices with UPnP enabled may not be aware of it because new routers, printers, media servers, Web cameras, storage drives and ``smart'' or Web-connected TVs are often shipped with that functionality turned on by default.
           
    "You can't stay silent about something like this,'' he said. "These devices seem to have had the same level of core security for decades. Nobody seems to really care about them.''

    Veracode's Wysopal said that some hackers have likely already exploited the flaws to launch attacks, but in relatively small numbers, choosing victims one at a time.
           
    "If they are going after executives and government officials, then they will probably look for their home networks and exploit this vulnerability,'' he said.
           
    Rapid7 has released a tool to help identify those devices on its website.

    You May Like

    Turkey, US Splits Deepen Over Support for Kurdish Militants

    Ankara summons American ambassador to protest remarks by State Department spokesman who said Washington does not consider Syria's Kurdish Democracy Union Party (PYD) a terrorist organization

    Obama Seeking $19 Billion for National Cybersecurity

    Move, touted as attempt to build broad, cohesive federal response to cyberthreats, calls for increase in cybersecurity spending across all government agencies

    Video Foreign Policy Weighs Heavy for Some US Voters

    VOA talks to protesters in Manchester, New Hampshire, who sound off on foreign policy issues such as the Guantanamo Bay prison, the Israeli-Palestinian conflict and the wars in Iraq, Syria and Yemen

    Featured Videos

    Your JavaScript is turned off or you have an old version of Adobe's Flash Player. Get the latest Flash player.
    Valentine's Day Stinks for Lebanese Clownsi
    X
    February 09, 2016 8:04 PM
    This weekend, on Valentine's Day in Lebanon, love is not the only thing in the air. More than half a year after the country's trash crisis began, the stink of uncollected garbage remains on the streets. Step forward "Clown Me In," a group of clowns who use their skills for activism. Before the most romantic day of the year the clowns have released their unusual take on love in Lebanon -- in a bid to keep the pressure up and get the trash off the streets. John Owens reports from Beirut.
    Video

    Video Valentine's Day Stinks for Lebanese Clowns

    This weekend, on Valentine's Day in Lebanon, love is not the only thing in the air. More than half a year after the country's trash crisis began, the stink of uncollected garbage remains on the streets. Step forward "Clown Me In," a group of clowns who use their skills for activism. Before the most romantic day of the year the clowns have released their unusual take on love in Lebanon -- in a bid to keep the pressure up and get the trash off the streets. John Owens reports from Beirut.
    Video

    Video Rocky Year Ahead for Nigeria Amid Oil Price Crash

    The global fall in the price of oil has rattled the economies of many petroleum exporters, and Africa’s oil king Nigeria is no exception. As Chris Stein reports from Lagos, analysts are predicting a rough year ahead for the continent’s top producer of crude.
    Video

    Video Foreign Policy Weighs Heavy for Some US Voters

    VOA talks to protesters in Manchester, New Hampshire who sound off on foreign policy issues such as the Guantanamo Bay Prison, the Israeli-Palestinian conflict, Middle East Affairs and national security.
    Video

    Video 'No Means No' Program Targets Sexual Violence in Kenya

    The organizers of an initiative to reduce and stop rape in the informal settlements around Kenya's capital say their program is having marked success. Girls are taking self-defense classes while the boys are learning how to protect the girls and respect them. Lenny Ruvaga reports from Nairobi.
    Video

    Video New Hampshire Voters Are Independent, Mindful of History

    Once every four years, the northeastern state of New Hampshire becomes the center of the U.S. political universe with its first-in-the-nation presidential primary. What's unusual about New Hampshire is how seriously the voters take their role and the responsibility of being among the first to weigh in on the candidates.
    Video

    Video Chocolate Lovers Get a Sweet History Lesson

    Observed in many countries around the world, Valentine’s Day is sometimes celebrated with chocolate festivals. But at a festival near Washington, the visitors experience a bit more than a sugar rush. They go on a sweet journey through history. VOA’s June Soh takes us to the festival.
    Video

    Video 'Smart' Bandages Could Heal Wounds More Quickly

    Simple bandages are usually seen as the first line of attack in healing small to moderate wounds and burns. But scientists say new synthetic materials with embedded microsensors could turn bandages into a much more valuable tool for emergency physicians. VOA’s George Putic reports.
    Video

    Video Bhutanese Refugees in New Hampshire Closely Watching Primary Election

    They fled their country and lived in refugee camps in neighboring Nepal for decades before being resettled in the northeastern U.S. state of New Hampshire -- now the focus of the U.S. presidential contest. VOA correspondent Aru Pande spoke with members of the Bhutanese community, including new American citizens, about the campaign and the strong anti-immigrant rhetoric of some of the candidates.
    Video

    Video Researchers Use 3-D Printer to Produce Transplantable Body Parts

    Human organ transplants have become fairly common around the world in the past few decades. Researchers at various universities are coordinating their efforts to find solutions -- including teams at the University of Pennsylvania and Rice University in Houston that are experimenting with a 3-D printer -- to make blood vessels and other structures for implant. As VOA’s Greg Flakus reports from Houston, they are also using these artificial body parts to seek ways of defeating cancerous tumors.
    Video

    Video Helping the Blind 'See' Great Art

    There are 285 million blind and visually impaired people in the world who are unable to enjoy visual art at a museum. One New York photographer is trying to fix this situation by making tangible copies of the world’s masterpieces. VOA correspondent Victoria Kupchinetsky was there as visually impaired people got a feel for great art. Joy Wagner narrates her report.
    Video

    Video German Artists to Memorialize Refugees With Life Jacket Exhibit

    Sold in every kind of shop in some Turkish port towns, life jackets have become a symbol of the refugee crisis that brought a million people to Europe in 2015.  On the shores of Lesbos, Greece, German artists collect discarded life jackets as they prepare an art installation they plan to display in Germany.  For VOA, Hamada Elrasam has this report from Lesbos, Greece.
    Video

    Video E-readers Help Ease Africa's Book Shortage

    Millions of people in Africa can't read, and there's a chronic shortage of books. A non-profit organization called Worldreader is trying to help change all that one e-reader at a time. VOA’s Deborah Block tells us about a girls' school in Nairobi, Kenya where Worldreader is making a difference.
    Video

    Video Genius Lets World Share Its Knowledge

    Inspired by crowdsourcing companies like Wikipedia, Genius allows anyone to edit anything on the web, using its web annotation tool
    Video

    Video In Philippines, Mixed Feelings About Greater US Military Presence

    In the Philippines, some who will be directly affected by a recent Supreme Court decision clearing the way for more United States troop visits are having mixed reactions.  The increased rotations come at a time when the Philippines is trying to build up its military in the face of growing maritime assertiveness from China.  From Bahile, Palawan on the coast of the South China Sea, Simone Orendain has this story.