NOW READ THIS
("Security Advisory")
Submitted by: Bill Hickey
NCVA List Master
NRT-0369 Common Wireless Router Design Flaw Enables Remote
Take-Over:
Security experts have uncovered a design flaw in wireless
routers that allows attackers to gain remote control of the devices by luring an
attached computer to a subverted web site. The exploit reportedly works even if
a user has changed the default password of the router, regardless of the
operating system or browser the host computer is running, as long as it has a
recent version of Adobe Flash installed. The problem is said to reside in
Universal Plug and Play (UPnP), a feature built into most routers used for home
networks so machines running games, instant messaging programs, and other
applications will work seamlessly with the devices. By exposing an end user to
a malicious Flash file on a web site, attackers can use UPnP to make significant
modifications to the router and redirect victims to fraudulent destinations.
The weakness, which works using the 'navigateToURL' function and
'URLRequest' object specified in Flash, is due to design flaws in UPnP,
which uses no authentication. PCs using virtually any platform and browser will
change router settings, as long as they run version 8 or higher of Flash.
Routers made by Linksys, D-Link and SpeedTouch have been
confirmed to be vulnerable, and other manufacturers' products are also
likely susceptible to attack, the researchers said. Most routers have UPnP
turned on by default, and the only way to prevent the attack is to turn the
feature off, something that is possible with some, but not all, devices.
(www.channelregister.co.uk 15JAN08)
Security researchers have released code showing how a pair of
widely used technologies could be misused to take control of a victim's web
browsing experience. The code, published over the weekend, exploits features
in two technologies: the Universal Plug and Play (UPnP) protocol, which is used
by many operating systems to make it easier for them to work with devices on a
network; and Adobe Systems' Flash multimedia software. By tricking a victim
into viewing a malicious Flash file, an attacker could use UPnP to change the
primary DNS (Domain Name System) server used by the router to find other
computers on the internet. This would give the attacker a virtually
undetectable way to redirect the victim to fake web sites. Because so many
routers support UPnP, the researchers believe that "99% of home routers
are vulnerable to this attack." In fact, many other types of UPnP
devices, such as printers, digital entertainment systems, and cameras are also
potentially at risk. The attack is particularly worrisome because it is
cross-platform - any operating system that supports Flash is susceptible - and
because it is based on features of UPnP and Flash, not bugs that could easily
be fixed by Adobe or the router vendors.
(IDG News Service 15JAN08)