50 Million Potentially Vulnerable To UPnP Flaws 138
Gunkerty Jeb writes "In a project that found more than 80 million unique IP addresses responding to Universal Plug and Play (UPnP) discovery requests, researchers at Rapid7 were shocked to find that somewhere between 40 and 50 million of those are vulnerable to at least one of three known attacks. A Rapid7 white paper enumerated UPnP-exposed systems connected to the Internet and identified the number of vulnerabilities present in common configurations. Researchers found that more than 6,900 product models produced by 1,500 different vendors contained at least one known vulnerability, with 23 million systems housing the same remote code execution flaw. 'This research was primarily focused on vulnerabilities in the SSDP processor across embedded devices,' Rapid7's CSO HD Moore said. 'The general process was to identify what was out there, make a list of the most commonly used software stacks, and then audit those stacks for vulnerabilities. The results were much worse than we anticipated, with the most commonly used software stack (libupnp) also being the most vulnerable.'"
Because of the BSD license (Score:1, Insightful)
Little incentive to contribute code as it will be snatched by Micro$oft and App£e.
Long standing bet (Score:5, Insightful)
The closest that I have seen to a good widespread attack was when a certain DSL modem would crash when script-kiddies were attacking NT machines and the same attack jammed up that model DSL modem. That wasn't really an attack and it didn't amount to much.
So my bet still stands with modification: there will be an attack, it will be soon, it will be a worm, and people will (mostly) be blissfully unaware of (why is my internet so slow) it and certainly be incapable of dealing with it. Thus it will come down to the ISPs to deal with it which should be interesting to watch.
Re:Long standing bet (Score:3, Insightful)
Router software is utter, total, complete shit and all of it is attackable with 25-year-old buffer overflows.
GP is right. A worm packing a handful of attacks, designed to replicate on old routers, would make hundreds of millions of victims and nothing could stop it.
It would actually force the rock-stupid morons to replace their obsolete hardware, though. That would be a good thing. Even if they buy the new castrated shit hardware that won't ever be supported.
Re:Brilliant by design (Score:3, Insightful)
Rapid7 provide a testing tool. It requires Java. So to find one vulnerability, you have to install another.
So don't install the Java plugin in your browser and quit bullshitting.