If you browse to any page on the administration interface with your browser’s User Agent (UA) string set to a peculiar, hard-wired value, the router doesn’t bother to ask for a password. I’ll skip the details – you should read the original author’s analysis, since he did the hard yards to identify the flaw – and cut to the almost unbelievable conclusion. This one was found in the firmware of a number of D-Link routers – the author suggests at least the models DIR-100, DI-524, DI-524UP, DI-604S, DI-604UP, DI-604+ and TM-G5240. You can probably guess where this is going: another security hole.
UPnP is a protocol that is supposed to make it easier to configure your system correctly, but may instead leave you open to the world. We’ve talked about how the Wi-Fi Protected Setup (WPS) feature, intended to improve security, typically makes your wireless access point easier to break into.Īnd we wrote up a widepsread flaw in the way that many routers implement a popular system known as Universal Plug and Play (UPnP). We described a flaw that allowed attackers to force your router to open up its administration interface to the internet, something you would never normally do. We had a botnet that unlawfully mapped the internet by jumping around from router to router and taking measurements without permission. Indeed, in recent times, we’ve written repeatedly about security problems in consumer embedded devices. Part of the hackers’ motivation is to get the devices to do things that the vendor may not have bothered to implement, thus improving their functionality.Īnd why not, if it’s your device that you bought outright with your own money?īut hacking on embedded systems can also help to improve security, or at least help others to avoid insecurity, by revealing and helping to fix potentially exploitable vulnerabilities that might otherwise lie dormant for years. They like to see what interesting facts these devices’ proprietary hardware and firmware might reveal. Members of the embedded systems hacker collective /dev/ttys0 spend their time playing around with devices like home routers and set-top boxes.
0 kommentar(er)
