

haroldo

join:2004-01-16
united state
kudos:1

[Security] Universal Plug and Play vulnerability

I saw this ...

quote:
Unplug Universal Plug And Play: Security Warning

Tens of millions of devices with UPnP are remotely exploitable, warns Metasploit creator. New tool detects vulnerable devices, which include 6,900 different product versions spanning 1,500 vendors.
By Mathew J. Schwartz, InformationWeek
January 29, 2013

More than 23 million Internet-connected devices are vulnerable to being exploited by a single UDP packet, while tens of millions more are at risk of being remotely exploited.

That warning was issued Tuesday by vulnerability management and penetration testing firm Rapid7, which said its researchers spent six months studying how many universal plug and play (UPnP) devices are connected to the Internet -- and what the resulting security implications might be. The full findings have been documented in a 29-page report, "Security Flaws In Universal Plug and Play." ...
»www.informationweek.com/security···40147226
(but don't understand it)

Simple question...I have an Apple Airport Extreme router, is it vulnerable?
Thanks!


donoreo
Premium
join:2002-05-30
North York, ON

Is UPnP turned on? Maybe. I always turn that shit off on everything.



haroldo

join:2004-01-16
united state
kudos:1

dunno...I hate 'tweaking' stuff since I always end up wrecking some other program that needs it....but usually don't realize it until a year later. I love default set up!
What 'things' need UPnP?



donoreo
Premium
join:2002-05-30
North York, ON

said by haroldo:

dunno...I hate 'tweaking' stuff since I always end up wrecking some other program that needs it....but usually don't realize it until a year later. I love default set up!
What 'things' need UPnP?

That I cannot answer.

Best practice: turn everything OFF and only turn on what you need.
--
The irony of common sense, it is not that common.
I cannot deny anything I did not say.
A kitten dies every time someone uses "then" and "than" incorrectly.
I mock people who give their children odd spelling of names.


Thinkdiff
Premium,MVM
join:2001-08-07
Bronx, NY
kudos:11

2 recommendations

reply to haroldo

People love to rip on UPnP... You'll get a lot of people in this thread saying it's the devil.

In reality, UPnP is extremely useful but does have some security risks (what doesn't?). It automates the process of forwarding ports on your router so that you or others can connect to your devices directly. For example, if you use iChat for video conferencing, it works best when a connection can be made directly between the two computers. This requires opening a port on your router so the other user can connect to your computer and receive the video stream. Without UPnP, you need to log in to the router, find the correct port number to open, set a rule to forward the port number to your local IP address, then delete it when you're done. UPnP handles all that for you.

Likewise, if you have an Xbox or other game console, they can use UPnP to open ports for online gaming.

In the Apple world, the following services use UPnP: iChat audio/video, FaceTime, Back to My Mac, Find my iPhone/iPad (this can work without it, I think), Find My Mac, remote Screen Sharing, etc (there's probably a few I'm forgetting).

The vulnerability they're describing is that some routers stupidly allow UPnP to work even over the WAN/Internet connection - this should not happen and can be a security risk. But even if a hacker remotely opens a port on your router, they still need to know your computer's local IP address, what services are running on your computer, and an additional exploit or attack vector to get into those services. It's not a "1 packet = destruction" type deal that article implies.

Apple routers use UPnP or a similar protocol called NAT-PMP. I'm not sure if NAT-PMP is also vulnerable in the way the article mentions, but you can safely disable it if you don't use any of the services I mentioned earlier.
--
University of Southern California - Fight On!



haroldo

join:2004-01-16
united state
kudos:1

I use FaceTime and Find My iToys, so I guess I got to keep it.
Still don't entirely understand it, but, presumably, they'll issue an update to the router, right?



Thinkdiff
Premium,MVM
join:2001-08-07
Bronx, NY
kudos:11

There's no mention of NAT-PMP in that article, which is what Apple uses AFAIK, so I'm not sure if the same vulnerabilities apply.

Even if their implementation was vulnerable, they'd still have to allow NAT-PMP over the WAN/Internet connection, which I don't think they do.

If there is a problem, it can be easily updated through a firmware patch.
--
University of Southern California - Fight On!



TamaraB
Question The Current Paradigm
Premium
join:2000-11-08
Da Bronx
Reviews:
·Optimum Online
·Clearwire Wireless
reply to Thinkdiff

said by Thinkdiff:

In the Apple world, the following services use UPnP: iChat audio/video, FaceTime, Back to My Mac, Find my iPhone/iPad (this can work without it, I think), Find My Mac, remote Screen Sharing, etc (there's probably a few I'm forgetting).

I use many of the above as well as Vonage. The Vonage router uses UPnP to open inbound voice ports and it does so randomly.

said by Thinkdiff:

Apple routers use UPnP or a similar protocol called NAT-PMP. I'm not sure if NAT-PMP is also vulnerable in the way the article mentions, but you can safely disable it if you don't use any of the services I mentioned earlier.

Is there an external test to determine whether UPnP is accessible remotely?

--
"Remember, remember the fifth of November.
Gunpowder, Treason and Plot.
I see no reason why Gunpowder Treason
Should ever be forgot."

"People should not be afraid of their governments. Governments should be afraid of their people"



skeechan
Ai Otsukaholic
Premium
join:2012-01-26
AA169|170
kudos:2
Reviews:
·Clear Wireless
·Cox HSI
·Verizon FiOS
reply to Thinkdiff



haroldo

join:2004-01-16
united state
kudos:1
reply to Thinkdiff

said by Thinkdiff:

... ...But even if a hacker remotely opens a port on your router, they still need to know your computer's local IP address, what services are running on your computer, and an additional exploit or attack vector to get into those services. It's not a "1 packet = destruction" type deal that article implies....

(still trying to learn)...if a hacker uses this vulnerability to get past the router, what damage can they do?
I'm guessing that if someone is sophisticated enough to figure out how to get past the router, finding an IP address (responding to your comment above) doesn't seem too taxing.
What can they do to your computer?
Thanks!

dickmead
Premium
join:1999-08-22
Pasadena, CA
reply to TamaraB

grc.com now has a test for UPnP WAN access in the shields-up section.
Just FYI
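
The check asked about above (does UPnP discovery answer on the router's WAN side?) comes down to sending one SSDP discovery request and seeing whether anything replies. The sketch below is an added example, not part of the thread and not how any particular test site implements it; the sample reply is constructed, and the address passed in is assumed to be your own router's public IP.

```python
import socket
import sys

SSDP_PORT = 1900  # UDP port used by UPnP discovery (SSDP)

# Constructed sample reply (not captured from a real device), for offline parsing.
SAMPLE_REPLY = (
    b"HTTP/1.1 200 OK\r\n"
    b"CACHE-CONTROL: max-age=120\r\n"
    b"ST: upnp:rootdevice\r\n"
    b"SERVER: ExampleOS/1.0 UPnP/1.0 ExampleStack/1.0\r\n"
    b"LOCATION: http://192.168.1.1:5000/rootDesc.xml\r\n\r\n"
)

def build_msearch(st="upnp:rootdevice", mx=2):
    """Build a UPnP 1.0 SSDP discovery request (the query a control point sends)."""
    return (
        "M-SEARCH * HTTP/1.1\r\n"
        "HOST: 239.255.255.250:1900\r\n"
        'MAN: "ssdp:discover"\r\n'
        f"MX: {mx}\r\n"
        f"ST: {st}\r\n\r\n"
    ).encode("ascii")

def parse_ssdp_response(data):
    """Return the reply's headers as a dict, or None if it is not an HTTP 200 reply."""
    head = data.decode("utf-8", errors="replace").split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    status = lines[0].split()
    if len(status) < 2 or not status[0].startswith("HTTP/") or status[1] != "200":
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().upper()] = value.strip()
    return headers

def probe(address, timeout=3.0):
    """Send one discovery request to `address`; return parsed headers or None."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_msearch(), (address, SSDP_PORT))
            data, _ = s.recvfrom(4096)
        except OSError:  # timeout or ICMP unreachable: nothing answered
            return None
    return parse_ssdp_response(data)

if __name__ == "__main__":
    reply = probe(sys.argv[1])  # assumption: your own router's public IP
    print("SSDP answered: " + str(reply) if reply else "no SSDP reply")
```

Run it from a host outside your own network: a reply seen from inside the LAN does not show WAN exposure, while a reply to an outside host means the router answers UPnP discovery from the Internet.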



TamaraB
Question The Current Paradigm
Premium
join:2000-11-08
Da Bronx

Thanks!