UPnP exposes Filet-O-Firewall vulnerability, millions of home routers at risk of attack

ID MYHACK58:62201566622
Type myhack58
Reporter Anonymous
Modified 2015-09-06T00:00:00


UPnP exposes the Filet-O-Firewall security vulnerability, putting millions of home network devices at risk of network attack. The main cause of the UPnP vulnerability is its lack of adequate authentication mechanisms.

myhack58 Wikipedia: UPnP

UPnP is an architecture for peer-to-peer (P2P) network connectivity among a wide variety of smart devices, wireless devices and personal computers. UPnP is a distributed, open network architecture. UPnP is independent of the medium. UPnP devices can be used from any operating system and with any programming language. UPnP stands for Universal Plug and Play. The UPnP specification is based on TCP/IP and on new Internet protocols developed for communication between devices.

The vulnerability principle

According to a security report recently released by CERT at Carnegie Mellon University's Software Engineering Institute, UPnP security vulnerabilities expose millions of home network devices to the risk of network attack. The main cause of the UPnP vulnerability is its lack of adequate authentication mechanisms.

The report stated: “Home routers that implement the UPnP protocol do not sufficiently randomize the UUID in the UPnP control URL, or do not implement other UPnP security measures. Poor adoption of the security standard may expose numerous devices currently on the market to the risk of attack, because it allows an attacker with access to the private network to guess a device's UPnP control URL. If the attacker guesses the URL, they will be able to use UPnP to modify the home router's configuration, such as opening ports and enabling services that allow the attacker further access to the network. Considering that many manufacturers use standard UPnP control URL names, a correct guess is possible.”

If the user is running the Chrome or Firefox browser with JavaScript enabled, the attacker can exploit the Filet-O-Firewall vulnerability (CERT VU#361684) to issue arbitrary UPnP requests to the firewall, ultimately exposing the user's network to the risk of attack. The attacker only needs to build a crafted website and plant the exploit code in it. If a user visits the site with Chrome or Firefox and JavaScript enabled, the attack forces the browser to send UPnP requests to the user's own firewall, exposing the network to attack.

The scope of the impact

If the Filet-O-Firewall vulnerability is successfully exploited, the attacker will be able to open firewall ports and send management commands to the home router. Researcher Grant Harrelson explained that the attack can be launched in less than 20 seconds, and that any home router running a UPnP service is at risk. Exploiting the Filet-O-Firewall vulnerability gives an attacker access to the target network; once inside the internal network, the attacker can look for other vulnerabilities affecting other devices on that network and then compromise those devices.

Harrelson stated in a blog post: “By using the Filet-O-Firewall vulnerability, an attacker can expose any device inside the firewall directly to the Internet. This process is almost transparent to the end user and does not require the user to install or run any application. The user simply needs to browse the attacker's website with an affected browser that has JavaScript enabled. This vulnerability is mainly a logic flaw and does not exist in a particular piece of code. It is the result of many different attacks combined into one, and is specifically designed to attack the UPnP service of home routers.”

The report includes a list of affected devices, but Harrelson presumes that many other devices are also affected by the Filet-O-Firewall vulnerability. As a mitigation measure, CERT recommends disabling UPnP and randomizing the UPnP UUID and URL.

UPnP security event review

In fact, UPnP security has been questioned by security experts in the past. In October 2014, Akamai's researchers published a report on “the use of vulnerable UPnP devices worldwide for reflected and amplified DDoS attacks”. In 2013, HD Moore, CSO of security firm Rapid7, published a study reporting that of the 80 million devices on the Internet that responded to UPnP requests, more than 50 million were vulnerable to network attacks.
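The CERT mitigation above depends on the control URL containing a random UUID. The following added example (not from the CERT report or the original article) audits a router's UPnP device description for control URLs that lack one. The sample XML, its paths and the function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample UPnP device description; the friendly name and paths
# are illustrative and not taken from any real device.
SAMPLE_DESCRIPTION = """<?xml version="1.0"?>
<root xmlns="urn:schemas-upnp-org:device-1-0">
  <device>
    <friendlyName>Example Router</friendlyName>
    <serviceList>
      <service>
        <serviceType>urn:schemas-upnp-org:service:WANIPConnection:1</serviceType>
        <controlURL>/ctl/IPConn</controlURL>
      </service>
      <service>
        <serviceType>urn:schemas-upnp-org:service:Layer3Forwarding:1</serviceType>
        <controlURL>/3f2b8c1e-9a4d-4e6f-b7a1-5c0d2e8f9a3b/ctl/L3F</controlURL>
      </service>
    </serviceList>
  </device>
</root>"""

NS = {"u": "urn:schemas-upnp-org:device-1-0"}
# Matches a version-4 (randomly generated) UUID anywhere in the URL path.
UUID4 = re.compile(
    r"[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}", re.I)

def audit_control_urls(description_xml):
    """Return (serviceType, controlURL, has_random_uuid) for every service."""
    root = ET.fromstring(description_xml)
    findings = []
    for svc in root.iterfind(".//u:service", NS):
        stype = svc.findtext("u:serviceType", default="", namespaces=NS).strip()
        url = svc.findtext("u:controlURL", default="", namespaces=NS).strip()
        findings.append((stype, url, bool(UUID4.search(url))))
    return findings

def predictable_services(description_xml):
    """Service types whose control URL carries no random UUID component."""
    return [s for s, _, ok in audit_control_urls(description_xml) if not ok]

if __name__ == "__main__":
    for stype, url, ok in audit_control_urls(SAMPLE_DESCRIPTION):
        print("ok         " if ok else "PREDICTABLE", stype, url)
```

A UUID in the path only helps if it is generated per device or per boot; compare the description document across reboots and across units of the same model to confirm the value actually changes.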