Millions of Home Network Devices Vulnerable to Hacking – Take Action Today

January 30, 2013

Consumers around the world are being advised to immediately check their home networks for three major security holes after new research by Rapid7 discovered that over 6,900 networked devices from 1,500 manufacturers are vulnerable to cyber-attacks because of a flawed use of the Universal Plug and Play (UPnP) protocol.

The Plug and Play protocols (standards) are what allow networks and computing devices (like PCs, printers, keyboards, webcams, flash drives and Wi-Fi access points) to automatically identify and communicate with other devices without requiring users to configure the connections. For example, you plug in a webcam, flash drive or keyboard and it automatically works with your computer.

The issue is that while security has evolved for other aspects of computing to block criminal exploitation, these UPnP protocols have largely gone unchanged.  There are patches available to fix the issues, but it is expected to take a long time before the patch is included in new products. You’ll have to reach out to the manufacturer of any devices on your network that are at risk to see if they have patches for your existing devices.

“The results were shocking to say the least. Over 80 million unique IPs were identified that responded to UPnP discovery requests from the internet,” said the report’s author HD Moore, creator of Metasploit and currently CTO at vulnerability testers Rapid7. Moore explained that the scale of vulnerabilities was surprisingly high, and that everyone from ISPs to businesses and home users should check their hardware. While the attacks are somewhat complex in nature at the moment, they are likely to be picked up and automated by malware writers in the future.

Find Out if Your Devices Are Vulnerable

Rapid7 has created a free ScanNow UPnP tool for Windows users to check for the flaws so that vulnerable equipment can be identified and locked down. For Linux and Mac users, you’ll need to get the same tool directly from Metasploit.

  1. Download the free ScanNow UPnP tool and select Run. This will bring up a page asking you to enter your IP address or range of addresses.

At this point you have three options for what to enter into these fields:


  • If you only have one computer or laptop, you can enter the universal ‘loopback’ address that looks inside your computer. To do this you would enter 127.0.0.1 in both fields. This will scan the individual device.

Start the scan and wait for the results.  The results page has a lot of information on it, but scroll to the bottom for your scorecard.  If your scan shows no issues, you’re in good shape and don’t need to do anything else. If your scan shows a problem, read on to find out what to do next.


  • If you have multiple devices to test, you can infer the internal IP address range of the computers, keyboards, webcams, etc. you are using.

This IP address number range can be found by clicking on the Start menu, then typing CMD (command) into the search field, and pressing Enter.

This brings up a needlessly scary looking black screen that was never made pretty because regular consumers rarely see it. On this screen you will see a command line that should say C:\Users\THE NAME OF THE COMPUTER ADMINISTRATOR>. On this line type in ‘ipconfig’ (which stands for IP address configuration). This will bring up a whole scroll of information but what you are looking for is easy to find.

Scroll down until you see a line called IPv4. For 99% of users (anyone who has not changed the default configuration of their devices), there will be a number sequence that begins with 192.168.xxx.xxx, 172.xxx.xxx.xxx, or 10.xxx.xxx.xxx. In this example, the number sequence starts with 192.168.

Copy the first three sets of numbers and enter them into the first three fields of both the starting and ending address fields. In the last field of the starting address, enter the number 1. In the last field of the ending address, enter the number 255. For the example shown above, both addresses would begin with 192.168, with the starting address ending in 1 and the ending address ending in 255.

Now, start the scan and wait for the results.  The results page has a lot of information on it, but scroll to the bottom for your scorecard.  If your scan shows no issues, you’re in good shape and don’t need to do anything else. If your scan shows a problem, read on to find out what to do next.

  • If you want to use your external IP address to scan all of your devices and peripherals, you can find your external IP address by going to the website whatismyIP.org. You’ll see your IP address displayed at the very top of the screen. Take that number sequence, and enter it into both the starting and ending address fields in the ScanNow application.

Now, start the scan and wait for the results.  The results page has a lot of information on it, but scroll to the bottom for your scorecard.  If your scan shows no issues, you’re in good shape and don’t need to do anything else. If your scan shows a problem, read on to find out what to do next.

Again, if you pass the test without any issues, you’re done. If, however, the test finds issues, you have to figure out which device(s) or peripheral (keyboard, webcam, UPnP hubs etc.) is the culprit putting you at risk. If you only have computers, it’s pretty easy to sit down at each one and perform the test, and then disable peripherals to determine which (if any) are causing the problem. If you have devices like an Xbox or internet TV, it is harder to perform the test directly on those devices, so you may just want to unplug these one by one and run the test against your full network again to identify the culprit.

If you can’t figure out which device or peripheral is causing the problem, ask a friend or family member who is more technically savvy than you, or use a service like Geek Squad and have them come identify the issue.

Unplug and quit using any device or peripheral with security risks until you can get these updated with a fix. To do this, you will most likely have to contact the manufacturer and ask if they have a way to upgrade the code to a safe version.  This can be a real pain, but it’s far less painful than having hackers exploit your computers and steal your financial identity, your information or hold your information for ransom.

Linda


Hacker Group Anonymous Threatens Drug Cartel with Exposure

November 12, 2011

Anonymous has once again targeted a despicable group, and like the hacker group’s recent attack on pedophiles,[i] I find myself reluctantly cheering. It’s hard to feel sorry when a bunch of drug running thugs who dabble in other crimes like extortion get the tables turned on them.

It’s almost like Anonymous really is evolving into a band of digital superheroes – clear down to their masked appearance (as Guy Fawkes) in their YouTube video.

Unfortunately, like the superheroes of fiction, they’re operating as vigilantes – imagine the good that could be accomplished if their considerable skills were applied more directly towards collaborating with law enforcement.

According to the Anonymous YouTube video, it was the kidnapping of one of their hacktivists that triggered their threats against the Zetas, an ultra-violent Mexican drug cartel that in addition to their drug trafficking is also involved in extortion, assassinations and kidnappings.

The hacktivist group also set a Nov. 5th deadline for the release of their member, timing it to coincide with Guy Fawkes Day, the anniversary of the discovery of the 1604 plot to blow up the British Parliament.

Anonymous threatens to release photos and names of everyone involved with the Zetas – from taxi drivers and journalists and on up the chain and says they want “the army and the navy to know that we are fed up with the criminal group Zetas.”

If the hackers really can pull off the exposure of the cartel’s participants – and given their track record the threat doesn’t seem idle – the cartel appears to be in an untenable position. Giving in to Anonymous’ threat makes them appear weak and leaves them vulnerable to other attacks in what is already a brutal struggle for dominance in the drug trade. On the other hand, ignoring the threat and being outed by name and with pictures leaves their entire cartel exposed in an open hunting season by law enforcement and competing thugs.

It will be curious to see how this unfolds. My hope is that the kidnapped hacktivist is returned safely AND the cartel is still served up on a platter.

Linda