Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Networking Security

Critical Vulnerability In NetUSB Driver Exposes Millions of Routers To Hacking 70

itwbennett writes: NetUSB, a service that lets devices connected over USB to a computer be shared with other machines on a local network or the Internet, is implemented in Linux-based embedded systems, such as routers, as a kernel driver. Once enabled, it opens a server that listens on TCP port 20005 for connecting clients. Security researchers from a company called Sec Consult found that if a connecting computer has a name longer than 64 characters, a stack buffer overflow is triggered in the NetUSB service. The advisory notice has a list of affected routers.
This discussion has been archived. No new comments can be posted.

Critical Vulnerability In NetUSB Driver Exposes Millions of Routers To Hacking

Comments Filter:
  • NOT a kernel bug (Score:5, Informative)

    by Lost Race ( 681080 ) on Wednesday May 20, 2015 @11:09AM (#49736475)

    This is some crappy proprietary firmware library for very low cost network devices. As TFA mentions, we can expect a lot more of these vulnerabilities in the "IoT".

    • by Dagger2 ( 1177377 ) on Wednesday May 20, 2015 @11:54AM (#49737079)

      It may not be part of the mainline Linux kernel, but the "firmware library" here is a kernel module, so this bug is a kernel-mode remote execution vulnerability. Which... probably isn't that much worse than a userland vulnerability for this type of device, where everything typically runs as root anyway, but still.

    • These are not all necessarily "very low cost network devices". I have the Netgear R7000 which is in the list and at the time I bought it it was one of the highest rated and most expensive home WiFi routers available. Granted, these are not corporate infrastructure level devices, but they are certainly not all "very low cost" ones either.

    • This is just yet another reason on the already long list of why I never use consumer routers. Between the awful specs, terrible proprietary firmwares, and swiss cheese security, I've decided to just use only repurposed hardware for routers. Almost anything past the P4 era can route at gigabit speeds without the need for "NAT accel" hardware (aka "our hardware is so slow that it needs NAT acceleration to do what a thrown-out PC can do"). That, or look for used professional gear.

      Pretty much the only thing
  • by Bovius ( 1243040 ) on Wednesday May 20, 2015 @11:11AM (#49736501)

    The advisory focuses on hardware brands - doesn't mention anything about aftermarket software. Anyone know?

    • The vulnerable module appears to be proprietary, not open source, so dd-wrt and other open source firmware wouldn't include it.

      If you have a router or similar device with a USB port which can be used to share USB printers and webcams, it's vulnerable. Sharing of USB STORAGE is done differently.

  • by StikyPad ( 445176 ) on Wednesday May 20, 2015 @11:11AM (#49736507) Homepage

    If by "millions" you mean "one or two with computer names longer than 64 characters." At least for external threats. For internal threats on public WiFi, the networks should always be presumed to be insecure. For private networks, you already control the devices that connect because you have a secure passphrase, right? Right?

    • by IMightB ( 533307 )

      Not only that, but it appears that it needs to be internal (as in physical access), a name longer than 64 character PLUS connected via USB. I cannot think if too many instances where this is a mission critical combination.

  • by Anonymous Coward

    Not surprised at all for trusting any services management with anything other than Systemd

  • by Opportunist ( 166417 ) on Wednesday May 20, 2015 @11:41AM (#49736921)

    Seriously. NetUSB? On a router? WHY the devil would I want that?

    But lemme guess: It was cheap to add, it was a feature that we can tack onto the "look, shiny!" list of things the router can do and people simply count down the "features" of a router whether they need them or even know what the fuck they are.

    Meanwhile, it becomes near impossible to buy a router that is JUST THAT. A router. And in case you're wondering "hey, why would you want that when you can have $feature on top of it for FREE?", look no further than this exploit. Without the useless gadget that netUSB is, this exploit would not exist!

    • by wed128 ( 722152 )

      So...disable all the features you aren't using to minimize your threat surface?

      • I do. If that's possible at all. Besides, not always does "disabling" a service really render it secure against an exploit targeting it. That's the whole point behind an exploit, that whatever it attacks does not behave as it should.

    • Re:Who needed it? (Score:5, Interesting)

      by amorsen ( 7485 ) <benny+slashdot@amorsen.dk> on Wednesday May 20, 2015 @12:11PM (#49737313)

      Seriously. NetUSB? On a router? WHY the devil would I want that?

      Printer sharing. A problem that was solved well in the 80's and since re-solved slightly worse every few years. It is difficult to imagine a worse way than NetUSB, but I am sure there are developers out there with a better imagination than mine.

      • It was solved in the 80s and then crapped on in the 90s in the name of making ever-cheaper disposable printers for the purpose of selling million-dollar ink cartridges and print heads.

      • NetUSB is used by some printer servers to allow use of USB only All-in-One printers and scanners over a network. I had to fix a setup once, and it was nothing but a buggy mess. The printer and its drivers were never designed to be used in a shared environment and the client machines needed some really ugly "Virtual USB" driver to fool the AIO's software into thinking it was directly connected to the machine. It worked sometimes, just never EVER try to print or scan from multiple machines at once.
      • Yes, however the last time I was in Costco I looked at the cheap printers, and the $140 multifunction scanner, doc-feeder, photo ink-jet with duplexer (some fly by night outfit named HP made it) had a touch screen interface and WiFi.

        So yeah, not seeing this as a really killer feature in a router. I guess that's why my router doesn't have a USB port.
  • by Anonymous Coward

    They should be using OpenBSD in routers anyway.

  • Still glad I'm using my pfsense router.

    I have no doubt that there are plenty of devices that suffer from this vulnerability and will never see a firmware update because they'd rather you "buy some shiny new hardware that will not have this vulnerability". Well, guess what? I bought my last 2 routers for that reason, and I shouldn't have to buy a new one every 2 years because the manufacturer went cheap-and-dirty.

  • It happens I could use remote USB port functionality.

    (Right now I want to run, on my laptop, a device that requires a Windows driver and Windows-only software. I have remote access to a Windows platform with the software and driver installed. If I could export a laptop USB port to the Windows machine, it would solve my problem.)

    So NetUSB is vulnerable. Is there an open source replacement for it? (Doesn't need to be interworking if there are both a Linux port server and a Windows client-pseudodriver available.)

    • Yes, Linux has USB/IP support. There's a kernel module to handle it on the Linux host, and there's a client driver available for Windows (although I'm not sure how well it works as I've never used it myself).
      • by tbuskey ( 135499 )

        Yes, Linux has USB/IP support. There's a kernel module to handle it on the Linux host, and there's a client driver available for Windows (although I'm not sure how well it works as I've never used it myself).

        I had a need to get a USB scanner into a Windows 7 VM that I connected to via RDP. I put Linux USB/IP on a raspberry PI and plugged the scanner in. The Windows box got the client. I could scan. Problem solved.

Real Programmers don't eat quiche. They eat Twinkies and Szechwan food.

Working...