Universal Exploit n’ Play | TechSNAP 95
Posted on: January 31, 2013

It’s way past time to turn off Universal Plug and Play, we’ll give you the details on the exploit that only requires a single network packet.
Plus how we’ve built our VM storage setup, our favorite network monitoring tools, and much much more! In this week’s episode of TechSNAP!
Thanks to:
Use our code tech295 to get a .COM for $2.95.
Something else in mind? Use go28off2 to save 28% on your entire order!
Pick your code and save:
techsnap7: $7.49 .com
techsnap10: 10% off
techsnap11: $1.99 hosting for the first 3 months
techsnap20: 20% off 1, 2, 3 year hosting plans
techsnap40: $10 off $40
techsnap25: 25% off new Virtual DataCenter plans
techsnapx: 20% off .xxx domains
Show Notes:
Many consumer devices exposed via new uPnP exploits
- Universal Plug’n’Play (uPnP) is a set of networking protocols that lets consumer devices (routers, printers, media servers, IP cameras, smart TVs, home automation systems and network storage devices) discover each other and exchange control commands: discovery runs over SSDP (HTTP over UDP, port 1900) and control over a SOAP API reachable at the URL a device advertises in its discovery reply
- Most consumer devices ship with uPnP enabled by default, and many devices offer no way to turn the feature off
- As with most consumer devices, a large portion of these include no update facility and cannot be patched
- Rapid7 security researcher HD Moore surveyed the entire Internet-routable IPv4 address space with SSDP discovery requests and found far more responding devices than expected
- He also found more than 10 distinct vulnerabilities across the various devices and uPnP implementations
- His survey found over 6900 unique products from 1500 manufacturers
- 81 million unique IP addresses responded to uPnP discovery queries (2.2% of the Internet, more IP addresses than are assigned to the entire country of Canada)
- Over 20% (17 million) of those devices also exposed the uPnP SOAP control API to the Internet
- 73% of the devices were built on the 4 most popular uPnP SDKs, so an exploit against one device is likely to work against a large portion of all devices, even from different manufacturers
- 332 unique products use MiniUPnPd 1.0, which is remotely exploitable
- 69% of all devices running MiniUPnPd were on version 1.0 or older
- 23 million devices run a vulnerable version of libupnp (the Portable SDK for UPnP Devices) that allows remote code execution; this is the flaw that needs only a single UDP packet to trigger
- uPnP is a 12-year-old protocol and has had security problems from the start; while the specification includes mechanisms for authentication, they are rarely implemented
- The main issue seems to be that many manufacturers build on old versions of an SDK, or never update their code base when developing newer devices, and ship products with no update mechanism through which they could be patched when vulnerabilities like these are found
- HD Moore commented that he was unable to find any previous CVEs mentioning any of the uPnP SDKs he found exploits in, which means either that they had not been extensively tested, or that earlier vulnerabilities were attributed to individual devices when they actually applied to every device built on the same SDK
- Full Paper
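The practical check a listener wants after this segment is: does anything on my network (or my WAN address) answer SSDP, which SDK and version is it, and does its advertised SOAP URL sit on a public address? The following fingerprinter is an added example written for these notes; it is not code from the show or from Rapid7's paper. It builds the same M-SEARCH discovery probe HD Moore's survey sent, parses the HTTPU reply, reads the SERVER banner to identify the SDK, and flags the versions discussed above. The "MiniUPnPd 1.0 or older" threshold comes from the notes; the libupnp threshold (fixed in 1.6.18) is an assumption about the disclosure and is marked as such in the code. The replies in `SAMPLE_REPLIES` are constructed, not captured traffic; `probe()` is the only function that touches the network.

```python
"""SSDP/uPnP fingerprinter (added example, not from the page or Rapid7)."""
import ipaddress
import re
import socket
from urllib.parse import urlsplit

SSDP_MCAST = ("239.255.255.250", 1900)

# Banner patterns for the common uPnP SDKs as they appear in the SERVER header.
SDK_PATTERNS = [
    ("miniupnpd", re.compile(r"MiniUPnPd/(\d+(?:\.\d+)*)", re.I)),
    ("libupnp", re.compile(r"Portable SDK for UPnP devices/(\d+(?:\.\d+)*)", re.I)),
    ("intel", re.compile(r"Intel SDK for UPnP devices/(\d+(?:\.\d+)*)", re.I)),
]

# RFC 1918 ranges: a LOCATION on one of these is not reachable from the Internet
# even if the SSDP reply itself leaked out of the WAN interface.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def build_msearch(st: str = "ssdp:all", mx: int = 2) -> bytes:
    """The discovery probe: one UDP datagram, multicast or unicast to port 1900."""
    return (
        "M-SEARCH * HTTP/1.1\r\n"
        f"HOST: {SSDP_MCAST[0]}:{SSDP_MCAST[1]}\r\n"
        'MAN: "ssdp:discover"\r\n'
        f"MX: {mx}\r\n"
        f"ST: {st}\r\n\r\n"
    ).encode()


def parse_ssdp_response(raw: bytes) -> dict:
    """Parse an HTTPU reply into lower-cased headers; non-200 or non-HTTP input gives {}."""
    lines = raw.decode("latin-1").split("\r\n")
    headers = {}
    if not lines or not lines[0].upper().startswith("HTTP/1.1 200"):
        return headers
    for line in lines[1:]:
        if not line.strip():
            break
        name, sep, value = line.partition(":")  # first colon only: LOCATION values contain "://"
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def version_tuple(v: str) -> tuple:
    return tuple(int(x) for x in v.split("."))


def fingerprint(server: str):
    for sdk, pat in SDK_PATTERNS:
        m = pat.search(server or "")
        if m:
            return sdk, m.group(1)
    return "unknown", None


def assess(raw: bytes) -> dict:
    """Classify one reply: SDK, version, known-bad versions, and whether SOAP looks Internet-reachable."""
    headers = parse_ssdp_response(raw)
    sdk, version = fingerprint(headers.get("server", ""))
    findings = []
    if sdk == "miniupnpd" and version_tuple(version) <= (1, 0):
        findings.append("MiniUPnPd 1.0 or older: remotely exploitable SSDP handler")
    # ASSUMPTION: 1.6.18 is the libupnp release that shipped the fix for the SSDP overflow.
    if sdk == "libupnp" and version_tuple(version) < (1, 6, 18):
        findings.append("libupnp before 1.6.18: SSDP overflow, remote code execution")
    soap_exposed = False
    location = headers.get("location")
    if location:
        host = urlsplit(location).hostname or ""
        try:
            addr = ipaddress.ip_address(host)
            soap_exposed = not any(addr in net for net in RFC1918)
        except ValueError:
            soap_exposed = True  # a DNS name in LOCATION is reachable wherever it resolves
    return {"sdk": sdk, "version": version, "findings": findings,
            "location": location, "soap_exposed": soap_exposed}


def probe(host: str, timeout: float = 2.0) -> list:
    """Send one unicast M-SEARCH to host:1900 and assess every reply (needs a network)."""
    results = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_msearch(), (host, 1900))
        try:
            while True:
                data, _ = s.recvfrom(65535)
                results.append(assess(data))
        except socket.timeout:
            pass
    return results


# Constructed sample replies (not captured traffic); 203.0.113.0/24 stands in for a public WAN address.
SAMPLE_REPLIES = {
    "old_miniupnpd": (b"HTTP/1.1 200 OK\r\nCACHE-CONTROL: max-age=120\r\nST: upnp:rootdevice\r\n"
                      b"USN: uuid:00000000-0000-0000-0000-000000000001::upnp:rootdevice\r\nEXT:\r\n"
                      b"SERVER: OS 1.0 UPnP/1.0 MiniUPnPd/1.0\r\n"
                      b"LOCATION: http://203.0.113.5:5000/rootDesc.xml\r\n\r\n"),
    "libupnp_lan": (b"HTTP/1.1 200 OK\r\nST: upnp:rootdevice\r\nEXT:\r\n"
                    b"SERVER: Linux/2.6 UPnP/1.0 Portable SDK for UPnP devices/1.6.6\r\n"
                    b"LOCATION: http://192.168.1.20:49152/description.xml\r\n\r\n"),
    "patched": (b"HTTP/1.1 200 OK\r\nST: upnp:rootdevice\r\nEXT:\r\n"
                b"SERVER: OS 1.0 UPnP/1.0 MiniUPnPd/1.8\r\n"
                b"LOCATION: http://192.168.1.1:5000/rootDesc.xml\r\n\r\n"),
}


def scan_samples() -> dict:
    return {name: assess(raw) for name, raw in SAMPLE_REPLIES.items()}


if __name__ == "__main__":
    for name, result in scan_samples().items():
        print(name, result)
```

To check a real device, `probe("192.168.1.1")` from inside the LAN tells you what is running; `probe(<your WAN address>)` from outside tells you what the Internet sees. A reply whose LOCATION points at a public address is the case the survey counted as "SOAP API exposed", and any hit in `findings` on a device with no firmware update path is the situation the hosts are describing when they say to turn uPnP off.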
New York Times hacked by Chinese
- The New York Times reports that for the last 4 months it has been under attack by Chinese hackers
- Using custom APT (Advanced Persistent Threat) malware, the attackers managed to steal passwords for reporters and other employees of the newspaper
- The attacks apparently started after the Times published an investigation that found that relatives of Chinese Premier Wen Jiabao had amassed a fortune worth over a billion dollars from various business dealings
- The attackers routed their traffic through computers they had compromised at various US universities, in an attempt to mask the source of the attack and evade detection
- Investigators were not able to determine how the attackers initially broke in, but they suspect a spear-phishing email was used to compromise an individual computer, and that the attackers then island-hopped to other systems from there
- Investigators identified 45 unique pieces of malware, all of which appeared to be custom, and only 1 of which was detected by the Symantec anti-virus product used at the Times
- “Security experts found evidence that the hackers stole the corporate passwords for every Times employee and used those to gain access to the personal computers of 53 employees”
- The official Chinese response was “Chinese laws prohibit any action including hacking that damages Internet security.”
- “damages Internet security” is sufficiently vague that it could mean anything from an individual user choosing a weak password to a security researcher disclosing a vulnerability
- Technically, targeted attacks do not necessarily “damage the security of the Internet”
- Consultants hired by the New York Times claim that no customer data was exposed
- This is not the first attack against US media that appears to have come from the Chinese government
- Bloomberg News reported being attacked in a similar fashion in June after publishing an article about relatives of Xi Jinping (General Secretary of the Communist Party, expected to become President in March 2013)
- New York Times Hack Started With A Simple Email Scam
- Aaron Swartz protest: Anonymous hacks government websites, installs Asteroids
- Robert Watson’s (FreeBSD Core Team member) ACM paper on Mandatory Access Control, and why the FreeBSD MAC Framework is a better solution than SELinux; attributes the success of sandboxing to code shipped in FreeBSD, contributed by McAfee and others over the last 12 years with funding from DARPA
- New password cracker targets SCADA systems, including Siemens S7
- iXsystems, Inc. – Founder of PC-BSD Houses Servers in Own Yard Part 1
- TRENDNet Cams publicly exposed – Firmware BUG
- New Ruby on Rails JSON parser exploit, allows authentication bypass and SQL injection
- New malware poses as fake Adobe Flash update
- Trojaned SSH daemons in the wild: the backdoored sshd steals your passwords and sends them back to the attackers
- Java exploit used to attack Reporters without Borders website in a new watering hole attack
- Buffer overflow in VLC, specially crafted ASF movies could allow arbitrary code execution
Feedback:
Chris is not sure if we should keep submitting plain-text password offenders. While it is shameful, it’s also so common that if we put every organization guilty of this that we find out about in the Hall of Shame, it will be huge. I think the Hall of Shame should be reserved for especially bad, unique and large-in-scope security blunders.