US Government Warns of Hack Threat to Network Gear

Reuters
The U.S. Department of Homeland Security urged computer users on Tuesday to disable a common networking technology feature, after researchers warned that hackers could exploit flaws to gain access to tens of millions of vulnerable devices.
       
The U.S. government's Computer Emergency Readiness Team, on its website, advised consumers and businesses to disable a feature known as Universal Plug and Play or UPnP, and some other related features that make devices from computers to printers accessible over the open Internet.
       
UPnP, a communications protocol, is designed to let networks identify and communicate with equipment, reducing the amount of work it takes to set up networks. Dave Marcus, chief architect of advanced research and threat intelligence with Intel's McAfee unit, said hackers would have a "field day" once the vulnerability in network devices is exposed.
       
"Historically, these are amongst the last to be updated and protected properly which makes them a gold mine for potential abuse and exploitation," said Marcus, who advises government agencies and corporations on protections against sophisticated attacks.
       
Disabling UPnP once networks have already been set up will have little impact on the operation of the devices.
       
The new security bugs were initially brought to the attention of the government by computer security company Rapid7, in Boston, which released a report on the problem on Tuesday.

The company said it discovered between 40 million and 50 million devices that were vulnerable to attack due to three separate sets of problems that the firm's researchers have identified with the UPnP standard.
       
The flaws could allow hackers to access confidential files, steal passwords, take full control over PCs as well as remotely access devices such as webcams, printers and security systems, according to Rapid7.
    
Rapid7 has alerted electronics makers about the problem through the CERT Coordination Center, a group at the Carnegie Mellon Software Engineering Institute that helps researchers report vulnerabilities to affected companies.
      
"This is the most pervasive bug I've ever seen," said HD Moore, chief technology officer for Rapid7. He discussed the research with Reuters late on Monday.
       
CERT in turn has tried to contact the more than 200 companies whose products Rapid7 has identified as being vulnerable to attack, including Belkin, D-Link, Cisco Systems Inc's Linksys division and Netgear.

Linksys said it is aware of the problem. "We recommend Linksys customers visit our website to understand if their home router is affected, and learn how to disable UPnP through the user interface to avoid being impacted," Linksys said in a statement.
       
Belkin, D-Link and Netgear did not respond to requests for comment.

Chris Wysopal, chief technology officer of security software firm Veracode, said he believed that publication of Rapid7's findings would draw widespread attention to the still emerging area of UPnP security, prompting other security researchers to search for more bugs in UPnP.
       
"This definitely falls into the scary category," said Wysopal, who reviewed Rapid7's findings ahead of their publication. "There is going to be a lot more research on this. And the follow-on research could be a lot scarier."
       
Andres Andreu, chief architect at networking security company Bayshore Networks, said they expect an increase in cybercrime as hackers begin to figure out ways to take advantage of the newly identified vulnerabilities.
       
"Simple targets such as home routers now become targets of greater interest," he said.

Taking Control
       
Moore said that there were bugs in most of the devices that Rapid7 tested and that device manufacturers will need to release software updates to remedy the problems.
       
He said that was unlikely to happen quickly.
       
In the meantime, he advised computer users to quickly use a free tool released by Rapid7 to identify vulnerable gear, then disable the UPnP functionality in that equipment.
       
Moore said hackers have not widely exploited the UPnP vulnerabilities to launch attacks, but both Moore and Wysopal expected they may start to do so after the findings are publicized.
       
Still, Moore said he decided to disclose the flaws in a bid to pressure equipment makers to fix the bugs and generally pay more attention to security.
       
People who own devices with UPnP enabled may not be aware of it because new routers, printers, media servers, Web cameras, storage drives and "smart" or Web-connected TVs are often shipped with that functionality turned on by default.
       
"You can't stay silent about something like this," he said. "These devices seem to have had the same level of core security for decades. Nobody seems to really care about them."

Veracode's Wysopal said that some hackers have likely already exploited the flaws to launch attacks, but in relatively small numbers, choosing victims one at a time.
       
"If they are going after executives and government officials, then they will probably look for their home networks and exploit this vulnerability," he said.
       
Rapid7 has released a tool to help identify those devices on its website.
