
Small devices with big problems
Dear Khabrovites! We know that you sometimes have plenty of time to read lengthy posts on Habr and argue in the comments. So read Marta Janus' article "Heads of the Hydra. Malware for network devices". If you know what MIPS, UPnP, SNMP, CSRF and drive-by pharming are, and remember what Chuck Norris has to do with an IRC bot, you will probably find it interesting.
As you can see from the article, Martha is genuinely concerned about the security of network devices such as routers, access points, and DSL modems.

Firstly, Martha claims that these devices are often poorly configured and have numerous vulnerabilities in firmware, primarily in the web interface. The web interface may be vulnerable to attacks such as authentication bypass, cross-site scripting (XSS), and cross-site request forgery (CSRF). All this makes network devices an easy target and allows cybercriminals to quickly and easily gain control of the network.
At the same time, attacks on network devices can cause significant damage to the victims. Here, for example, are the possible consequences of unauthorized access to a router:
- Interception of network traffic
- The ability to eavesdrop on conversations using VoIP (voice traffic over the Internet)
- Theft of WEP / WPA encryption keys
- Ability to change device configuration:
• change / reset passwords
• access to internal networks from WAN (wide area networks)
• risk of an attacker opening a backdoor giving access to a computer by port forwarding
• changing DNS settings (drive-by pharming)
Secondly, network devices can serve as a refuge for malicious programs, which gain the ability to silently re-infect computers connected to the device again and again and to build huge botnets out of infected devices. And although there are only a few known cases of malware infecting network devices (Martha examines each of the currently known malicious programs for routers in some detail), it is a very bad start.
According to Martha, cybercriminals are currently most interested in changing DNS settings and creating botnets for DDoS attacks. However, the range of possibilities for using network devices for malicious purposes is much wider and includes extracting valuable data from intercepted traffic, hiding malware aimed at computers in the router's RAM, and distributing ransomware.
At the end of the article, Martha states unequivocally that the manufacturers of network devices are responsible for their security. They need to pay more attention to firmware vulnerabilities and carefully test each device for security before releasing it to the market.
Martha writes about what exactly needs to be done in order to reduce security problems:
- implement randomly generated passwords so that the default password for each device is unique
- release new devices with secure settings that prohibit remote access to the device with the default login and password
- rework UPnP implementation
- use SNMP only in its secure versions
"Let's not be passive," Marta urges with alarm. "It is not too late to change the direction in which network device security is developing."
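As an added illustration (not part of the original post or the article it summarizes), the following Python audit turns the recommendations above into checks a device owner or integrator could run against an exported router configuration: it generates a per-device random default password, and flags default credentials exposed to the WAN, UPnP left on, SNMP below v3, and DNS servers that differ from the expected ones (the drive-by pharming symptom mentioned earlier). The configuration layout, the default-credential list and the expected DNS addresses are assumptions constructed for the example.

```python
import secrets
import string
from typing import List

# Constructed sample of a router's configuration; the key names are an assumed
# layout for this example, not any vendor's real export format.
SAMPLE_CONFIG = {
    "admin_user": "admin",
    "admin_password": "admin",
    "remote_admin_wan": True,
    "upnp_enabled": True,
    "snmp": {"enabled": True, "version": "2c", "community": "public"},
    "dns": ["203.0.113.5", "192.0.2.53"],
}

# Constructed list of factory credential pairs to treat as "default".
DEFAULT_CREDENTIALS = {("admin", "admin"), ("admin", "password"), ("admin", "")}
# Resolvers the operator expects (documentation addresses); anything else is
# a sign that the DNS settings may have been changed (drive-by pharming).
EXPECTED_DNS = {"192.0.2.53", "192.0.2.54"}


def generate_unique_default_password(length: int = 16) -> str:
    """Per-device random default password, so no two units share one."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


def audit_router_config(cfg: dict) -> List[str]:
    """Return one finding per recommendation the configuration violates."""
    findings = []
    creds = (cfg.get("admin_user"), cfg.get("admin_password"))
    if creds in DEFAULT_CREDENTIALS:
        findings.append("default credentials in use")
        if cfg.get("remote_admin_wan"):
            findings.append("remote (WAN) administration enabled with default credentials")
    if cfg.get("upnp_enabled"):
        findings.append("UPnP enabled")
    snmp = cfg.get("snmp", {})
    if snmp.get("enabled") and snmp.get("version") != "3":
        findings.append(f"SNMP v{snmp.get('version')} in use; only SNMPv3 authenticates and encrypts")
    unexpected = [d for d in cfg.get("dns", []) if d not in EXPECTED_DNS]
    if unexpected:
        findings.append("unexpected DNS servers (possible pharming): " + ", ".join(unexpected))
    return findings


if __name__ == "__main__":
    print("suggested unique default password:", generate_unique_default_password())
    for finding in audit_router_config(SAMPLE_CONFIG):
        print("FINDING:", finding)
```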