

Thinkdiff
Premium,MVM
join:2001-08-07
Bronx, NY
kudos:11

2 recommendations

reply to haroldo

Re: [Security] Universal Plug and Play vulnerability

People love to rip on UPnP... You'll get a lot of people in this thread saying it's the devil.

In reality, UPnP is extremely useful but does have some security risks (what doesn't?). It automates the process of forwarding ports on your router so that you or others can connect to your devices directly. For example, if you use iChat for video conferencing, it works best when a connection can be made directly between the two computers. This requires opening a port on your router so the other user can connect to your computer and receive the video stream. Without UPnP, you need to log in to the router, find the correct port number to open, set a rule to forward the port number to your local IP address, then delete it when you're done. UPnP handles all that for you.

Likewise, if you have an Xbox or other game console, they can use UPnP to open ports for online gaming.

In the Apple world, the following services use UPnP: iChat audio/video, FaceTime, Back to My Mac, Find my iPhone/iPad (this can work without it, I think), Find My Mac, remote Screen Sharing, etc (there's probably a few I'm forgetting).

The vulnerability they're describing is that some routers stupidly allow UPnP to work even over the WAN/Internet connection - this should not happen and can be a security risk. But even if a hacker remotely opens a port on your router, they still need to know your computer's local IP address, what services are running on your computer, and an additional exploit or attack vector to get into those services. It's not a "1 packet = destruction" type deal that article implies.

Apple routers use UPnP or a similar protocol called NAT-PMP. I'm not sure if NAT-PMP is also vulnerable in the way the article mentions, but you can safely disable it if you don't use any of the services I mentioned earlier.
--
University of Southern California - Fight On!



haroldo

join:2004-01-16
united state
kudos:1

I use FaceTime and Find My iToys, so I guess I got to keep it.
Still don't entirely understand it, but, presumably, they'll issue an update to the router, right?



Thinkdiff
Premium,MVM
join:2001-08-07
Bronx, NY
kudos:11

There's no mention of NAT-PMP in that article, which is what Apple uses AFAIK, so I'm not sure if the same vulnerabilities apply.

Even if their implementation was vulnerable, they'd still have to allow NAT-PMP over the WAN/Internet connection, which I don't think they do.

If there is a problem, it can be easily updated through a firmware patch.
--
University of Southern California - Fight On!



TamaraB
Question The Current Paradigm
Premium
join:2000-11-08
Da Bronx
Reviews:
·Optimum Online
·Clearwire Wireless
reply to Thinkdiff

said by Thinkdiff:

In the Apple world, the following services use UPnP: iChat audio/video, FaceTime, Back to My Mac, Find my iPhone/iPad (this can work without it, I think), Find My Mac, remote Screen Sharing, etc (there's probably a few I'm forgetting).

I use many of the above as well as Vonage. The Vonage router uses UPnP to open inbound voice ports and it does so randomly.

said by Thinkdiff:

Apple routers use UPnP or a similar protocol called NAT-PMP. I'm not sure if NAT-PMP is also vulnerable in the way the article mentions, but you can safely disable it if you don't use any of the services I mentioned earlier.

Is there an external test to determine whether UPnP is accessible remotely?

--
"Remember, remember the fifth of November.
Gunpowder, Treason and Plot.
I see no reason why Gunpowder Treason
Should ever be forgot."

"People should not be afraid of their governments. Governments should be afraid of their people"



skeechan
Ai Otsukaholic
Premium
join:2012-01-26
AA169|170
kudos:2
Reviews:
·Clear Wireless
·Cox HSI
·Verizon FiOS
reply to Thinkdiff



haroldo

join:2004-01-16
united state
kudos:1
reply to Thinkdiff

said by Thinkdiff:

... ...But even if a hacker remotely opens a port on your router, they still need to know your computer's local IP address, what services are running on your computer, and an additional exploit or attack vector to get into those services. It's not a "1 packet = destruction" type deal that article implies....

(still trying to learn)...if a hacker uses this vulnerability to get past the router, what damage can they do?
I'm guessing that if someone is sophisticated enough to figure out how to get past the router, finding an IP address (responding to your comment above) doesn't seem too taxing.
What can they do to your computer?
Thanks!

dickmead
Premium
join:1999-08-22
Pasadena, CA
reply to TamaraB

grc.com now has a test for UPnP WAN access in the ShieldsUP section.
Just FYI.



TamaraB
Question The Current Paradigm
Premium
join:2000-11-08
Da Bronx

Thanks!
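
The external test asked about in this thread (does a router answer UPnP discovery on its WAN side?) can be sketched as a self-check. This is an added example, not code from any poster or from grc.com; the function names are hypothetical and the sample reply is constructed.

```python
import ipaddress
import socket
from typing import Optional
from urllib.parse import urlparse

# Standard SSDP discovery request (UPnP discovery uses UDP port 1900).
MSEARCH = (b"M-SEARCH * HTTP/1.1\r\n"
           b"HOST: 239.255.255.250:1900\r\n"
           b'MAN: "ssdp:discover"\r\n'
           b"MX: 2\r\n"
           b"ST: upnp:rootdevice\r\n\r\n")

# Constructed sample reply, for illustration only.
SAMPLE_REPLY = (b"HTTP/1.1 200 OK\r\n"
                b"CACHE-CONTROL: max-age=120\r\n"
                b"ST: upnp:rootdevice\r\n"
                b"SERVER: ExampleOS/1.0 UPnP/1.0 ExampleStack/1.0\r\n"
                b"LOCATION: http://192.168.1.1:5000/rootDesc.xml\r\n\r\n")

def parse_ssdp_reply(data: bytes) -> Optional[dict]:
    """Return the reply's headers (lower-cased names), or None if not SSDP."""
    lines = data.decode("utf-8", errors="replace").split("\r\n")
    if not lines[0].startswith("HTTP/1.1 200"):
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def location_is_private(headers: dict) -> bool:
    """True if LOCATION is a private (LAN) address, i.e. the LAN-side service answered."""
    host = urlparse(headers.get("location", "")).hostname
    try:
        return bool(host) and ipaddress.ip_address(host).is_private
    except ValueError:  # hostname is a DNS name, not an IP literal
        return False

def check_wan_ssdp(wan_ip: str, timeout: float = 3.0) -> Optional[dict]:
    """Send one discovery packet to your own WAN address; None (no reply) is good."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(MSEARCH, (wan_ip, 1900))
        try:
            data, _ = s.recvfrom(4096)
        except OSError:  # includes timeouts
            return None
    return parse_ssdp_reply(data)
```

Call `check_wan_ssdp` with your own router's public address from a connection outside your network, such as a phone hotspot; any parsed reply means UPnP discovery is reachable from the Internet and should be disabled on the WAN side or fixed with a firmware update.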