Is your home updated?

Threat Intelligence Team, 31 January 2013

Is your home updated?

The digitalization of our homes continues to grow, and with it the number of vulnerabilities your household devices can suffer from. We're surrounded with many specialized minicomputers (which we usually fail to consider computers) that are subject to the same problems as the desktops or laptops. But, because of a psychological barrier, we're unable to see them this way. Almost nobody thinks of their big TV as a computer and the same is true of phones, but there are many smaller, almost invisible devices like intelligent disk arrays (NAS) or routers, which are nothing else but 'computers without the keyboards'. It was published in the past - it's possible to hack/exploit/misuse such devices - there are exploits for printers, desk phones, Samsung TVs, all of these devices contain bugs which, when exploited by the bad guys, could run executable code which suits bad guys' needs.

Before we start with the description of the new vulnerability found, please take this short survey - but really, take it before reading the rest of the article!

Link to SurveyMonkey survey.

Ok, thanks for taking it. The cable modems/routers/Wi-fi access points are typical examples of invisible computers. Network setup is not an easy thing to do, so the manufacturers came with several technologies to make life easier for the people - but this also leads to oversimplification which then lets people just 'connect the box', test if it works and they're done. If such device listens by default on an external interface, the bad guy can log in using the default password (because the users just connected the box, he/she left the default password there) and do whatever he wants with the device. Even in an automated way.

Also, such devices can sometimes be remotely exploited - there is a known case in Brazil where millions of ADSL routers were exploited because the firmware contained remotely exploitable bug allowing the attackers to change the configuration, reroute traffic to their servers and then install the software on the users' machines which seemed to come from the legitimate sources like Google or Facebook.

This week a study by security company Rapid7 reported new vulnerability, or better said, a set of vulnerabilities. The bugs are hidden in a library called libupnp from Intel, which many of the router manufacturers used without any security testing. The library implements Universal Plug and Play (UPnP) networking protocol - technology allowing the network devices to find other devices on the network, again simplifying the network setup.

And, as this vulnerable library is present in millions of devices around the world, especially routers and the protocol is usually turned on by default, there is a high probability that your device can also be attacked by the bad guys exploiting it.

You can check your devices by the tools released by Rapid7: from internal network by ScanNow and from outside world by Router Security Check.

And as the questions in our survey suggest - when did you last time checked for the updates of your 'computer based' devices, especially those with the internet connection? Did you turn off everything you don't need (and, usually, if you don't know it, you probably don't need it). Have you changed passwords in all the devices? (and I mean real passwords, not admin/admin).

You should never assume that you're an uninteresting target for the bad guys, as it's very easy for them to find your device, exploit it, and then do whatever they want with your traffic.

Related articles