News / USA

    US Government Warns of Hack Threat to Network Gear

    x
    Reuters
    The U.S. Department of Homeland Security urged computer users on Tuesday to disable a common networking technology feature, after researchers warned that hackers could exploit flaws to gain access to tens of millions of vulnerable devices.
           
    The U.S. government's Computer Emergency Readiness Team, on its website, advised consumers and businesses to disable a feature known as Universal Plug and Play or UPnP, and some other related features that make devices from computers to printers accessible over the open Internet.
           
    UPnP, a communications protocol, is designed to let networks identify and communicate with equipment, reducing the amount of work it takes to set up networks. Dave Marcus, chief architect of advanced research and threat intelligence with Intel's McAfee unit, said hackers would have a ``field day'' once the vulnerability in network devices is exposed.
           
    "Historically, these are amongst the last to be updated and protected properly which makes them a gold mine for potential abuse and exploitation,'' said Marcus, who advises government agencies and corporations on protections against sophisticated attacks.
           
    Disabling UPnP once networks have already been set up, will have little impact on the operation of the devices.
           
    The new security bugs were initially brought to the attention of the government by computer security company Rapid7, in Boston, which released a report on the problem on Tuesday.

    The company said it discovered between 40 million and 50 million devices that were vulnerable to attack due to three separate sets of problems that the firm's researchers have identified with the UPnP standard.
           
    The flaws could allow hackers to access confidential files, steal passwords, take full control over PCs as well as remotely access devices such as webcams, printers and security systems, according to Rapid7.
        
    Rapid7 has alerted electronics makers about the problem through the CERT Coordination Center, a group at the Carnegie Mellon Software Engineering Institute that helps researchers report vulnerabilities to affected companies.
          
    "This is the most pervasive bug I've ever seen,'' said HD Moore, chief technology officer for Rapid7. He discussed the research with Reuters late on Monday.
           
    CERT in turn has tried to contact the more than 200 companies whose products Rapid7 have identified as being vulnerable to attack, including Belkin, D-Link, Cisco Systems Inc's Linksys division and Netgear.

    Linksys said it is aware of the problem. ``We recommend Linksys customers visit our website to understand if their home router is affected, and learn how to disable UPnP through the user interface to avoid being impacted,'' Linksys said in a statement.
           
    Belkin, D-Link and Netgear did not respond to requests for comment.

    Chris Wysopal, chief technology officer of security software firm Veracode, said he believed that publication of Rapid7's findings would draw widespread attention to the still emerging area of UPnP security, prompting other security researchers to search for more bugs in UPnP.
           
    "This definitely falls into the scary category,'' said Wysopal, who reviewed Rapid7's findings ahead of their publication. "There is going to be a lot more research on this. And the follow-on research could be a lot scarier.''
           
    Andres Andreu, chief architect at networking security company Bayshore Networks said they expect an increase in cybercrime as hackers begin to figure out ways to take advantage of the newly identified vulnerabilities.
           
    "Simple targets such as home routers now become targets of greater interest,'' he said.

    Taking Control
           
    Moore said that there were bugs in most of the devices that Rapid7 tested and that device manufacturers will need to release software updates to remedy the problems.
           
    He said that was unlikely to happen quickly.
           
    In the meantime, he advised computer users to quickly use a free tool released by Rapid7 to identify vulnerable gear, then disable the UPnP functionality in that equipment.
           
    Moore said hackers have not widely exploited the UPnP vulnerabilities to launch attacks, but both Moore and Wysopal expected they may start to do so after the findings are publicized.
           
    Still, Moore said he decided to disclose the flaws in a bid to pressure equipment makers to fix the bugs and generally pay more attention to security.
           
    People who own devices with UPnP enabled may not be aware of it because new routers, printers, media servers, Web cameras, storage drives and ``smart'' or Web-connected TVs are often shipped with that functionality turned on by default.
           
    "You can't stay silent about something like this,'' he said. "These devices seem to have had the same level of core security for decades. Nobody seems to really care about them.''

    Veracode's Wysopal said that some hackers have likely already exploited the flaws to launch attacks, but in relatively small numbers, choosing victims one at a time.
           
    "If they are going after executives and government officials, then they will probably look for their home networks and exploit this vulnerability,'' he said.
           
    Rapid7 has released a tool to help identify those devices on its website.

    You May Like

    US Leaders Who Served in Vietnam War Look Back and Ahead

    In New York Times opinion piece, Secretary of State John Kerry, Senator John McCain and former Senator Bob Kerrey say as US strengthens relations with Vietnam, it is important to remember lessons learned from war

    Who Are US Allies in Fight Against Islamic State?

    There is little but opportunism keeping coalition together analysts warn — SDFs Arab militias are not united even among themselves, frequently squabble and don’t share Kurds' vision for post-Assad Syria

    Learning Foreign Language Helps US Soldiers Bridge Culture Gap

    Effective interaction with local populations part of everyday curriculum at Monterey, California, Defense Language Institute

    Featured Videos

    Your JavaScript is turned off or you have an old version of Adobe's Flash Player. Get the latest Flash player.
    Vietnamese-American Youth Optimistic About Obama's Visit to Vietnami
    X
    Elizabeth Lee
    May 22, 2016 6:04 AM
    U.S. President Barack Obama's visit to Vietnam later this month comes at a time when Vietnam is seeking stronger ties with the United States. Many Vietnamese Americans, especially the younger generation, are optimistic Obama’s trip will help further reconciliation between the two former foes. Elizabeth Lee has more from the community called "Little Saigon" located south of Los Angeles.
    Video

    Video Vietnamese-American Youth Optimistic About Obama's Visit to Vietnam

    U.S. President Barack Obama's visit to Vietnam later this month comes at a time when Vietnam is seeking stronger ties with the United States. Many Vietnamese Americans, especially the younger generation, are optimistic Obama’s trip will help further reconciliation between the two former foes. Elizabeth Lee has more from the community called "Little Saigon" located south of Los Angeles.
    Video

    Video First-generation, Afghan-American Student Sets Sights on Basketball Glory

    Their parents are immigrants to the United States. They are kids who live between two worlds -- their parents' homeland and the U.S. For many of them, they feel most "American" at school. It can be tricky balancing both worlds. In this report, produced by Beth Mendelson, Arash Arabasadi tells us about one Afghan-American student who seems to be coping -- one shot at a time.
    Video

    Video Newest US Citizens, Writing the Next Great Chapter

    While universities across the United States honor their newest graduates this Friday, many immigrants in downtown Manhattan are celebrating, too. One hundred of them, representing 31 countries across four continents, graduated as U.S. citizens, joining the ranks of 680,000 others every year in New York and cities around the country.
    Video

    Video Vietnam Sees Strong Economic Growth Despite Incomplete Reforms

    Vietnam has transformed its communist economy to become one of the world's fastest-growing nations. While the reforms are incomplete, multinational corporations see a profitable future in Vietnam and have made major investments -- as VOA's Jim Randle reports.
    Video

    Video Qatar Denies World Cup Corruption

    The head of Qatar’s organizing committee for the 2022 World Cup insists his country's bid to host the soccer tournament was completely clean, despite the corruption scandals that have rocked the sport’s governing body, FIFA. Hassan Al-Thawadi also said new laws would offer protection to migrants working on World Cup construction projects. VOA's Henry Ridgwell reports.
    Video

    Video Infrastructure Funding Puts Cambodia on Front Line of International Politics

    When leaders of the world’s seven most developed economies meet in Japan next week, demands for infrastructure investment world wide will be high on the agenda. Japanese Prime Minister Shinzo Abe’s push for “quality infrastructure investment” throughout Asia has been widely viewed as a counter to the rise of Chinese investment flooding into region.
    Video

    Video Democrats Fear Party Unity a Casualty in Clinton-Sanders Battle

    Democratic presidential front-runner Hillary Clinton claimed a narrow victory in Tuesday's Kentucky primary even as rival Bernie Sanders won in Oregon. Tensions between the two campaigns are rising, prompting fears that the party will have a difficult time unifying to face the presumptive Republican nominee, Donald Trump. VOA national correspondent Jim Malone has more from Washington.
    Video

    Video Portrait of a Transgender Marriage: Husband and Wife Navigate New Roles

    As controversy continues in North Carolina over the use of public bathrooms by transgender individuals, personal struggles with gender identity that were once secret are now coming to light. VOA’s Tina Trinh explored the ramifications for one couple as part of trans.formation, a series of stories on transgender issues.
    Video

    Video Amerikan Hero Flips Stereotype of Middle Eastern Character

    An Iranian American comedian is hoping to connect with American audiences through a film that inverts some of Hollywood's stereotypes about Middle Eastern characters. Sama Dizayee reports.
    Video

    Video Budding Young Inventors Tackle City's Problems with 3-D Printing

    Every city has problems, and local officials and politicians are often frustrated by their inability to solve them. But surprising solutions can come from unexpected places. Students in Baltimore. Maryland, took up the challenge to solve problems they identified in their city, and came up with projects and products to make a difference. VOA's June Soh has more on a digital fabrication competition primarily focused on 3-D design and printing. Carol Pearson narrates.

    Special Report

    Adrift The Invisible African Diaspora