Dear Habr readers! We know that sometimes you have enough energy for more than skimming long posts on Habr and swearing in the comments. So read Marta Janus's article “Hydra Heads. Malicious software for network devices”. If you know what MIPS, UPnP, SNMP, CSRF and drive-by pharming are, and remember what Chuck Norris has to do with IRC, you might be interested in reading it.
As can be seen from the article, Marta is genuinely concerned about the security of network devices such as routers, access points and DSL modems.

First, Marta claims that these devices are often poorly configured and have numerous vulnerabilities in their firmware, primarily in the web interface. The web interface may be vulnerable to attacks such as authentication bypass, cross-site scripting (XSS) and cross-site request forgery (CSRF). All this makes network devices an easy target and allows cybercriminals to quickly and easily gain control of the network.
At the same time, attacks on network devices can cause significant damage to the victims. Here, for example, are the possible consequences of unauthorized access to a router:
- Interception of network traffic
- Ability to eavesdrop on VoIP (Voice over IP)
- Theft of WEP / WPA encryption keys
- Ability to change the device configuration:
  • change / reset passwords
  • access to internal networks from the WAN (wide area network)
  • the risk of an attacker opening a backdoor that gives access to a computer through port forwarding
  • change DNS settings (drive-by pharming)
Secondly, network devices can serve as a shelter for malicious programs that can quietly infect the computers connected to a network device again and again, or build huge botnets out of infected devices. And although there are only a few known cases of malware infecting network devices (Marta reviews each piece of router malware known today in considerable detail), the first step is the hardest.
According to Marta, cybercriminals are currently most interested in changing DNS settings and creating botnets for DDoS attacks. However, the range of opportunities for using network devices for malicious purposes is much wider and includes extracting valuable data from intercepted traffic, hiding computer malware in the router's RAM and distributing ransomware.
At the end of the article, Marta quite unequivocally asserts that the responsibility for the security of network devices lies with their manufacturers. They need to pay more attention to the vulnerabilities and security of the firmware and thoroughly test each device for security before launching it on the market.
Marta also writes about what specifically needs to be done in order to reduce security problems:
- implement randomly generated passwords so that the default password on each device is unique
- release new devices with secure settings that prohibit remote access to the device with a default login and password
- rework the UPnP implementation
- use the SNMP protocol only in its secure version
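As an added illustration of the first, second and fourth recommendations (this is not code from Marta Janus's article or from any vendor), the Python below issues a unique random default password per device and audits a factory-default profile. The profile key names are hypothetical, the sample profiles are constructed, and "secure version" of SNMP is assumed to mean SNMPv3.

```python
import secrets

# Alphabet without look-alike characters (0/O, 1/l/I) so a printed label is easy to type.
ALPHABET = "abcdefghijkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789"

def new_default_password(length=12):
    """Draw the password from the OS CSPRNG; never derive it from MAC or serial."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def provision(serials):
    """Give every serial number its own default password, redrawing on a collision."""
    issued = {}
    for serial in serials:
        password = new_default_password()
        while password in issued.values():
            password = new_default_password()
        issued[serial] = password
    return issued

def audit_defaults(profile):
    """Return findings for a factory-default profile (key names are hypothetical)."""
    findings = []
    if profile.get("admin_password_source") != "per_device_random":
        findings.append("default password is shared or predictable")
    if profile.get("wan_admin_enabled") and not profile.get("force_password_change"):
        findings.append("remote administration works with the default login")
    if profile.get("snmp_enabled") and profile.get("snmp_version") != "v3":
        findings.append("SNMP is enabled in a version other than SNMPv3")
    return findings

# Constructed sample profiles, not taken from any real device.
WEAK_PROFILE = {"admin_password_source": "fixed", "wan_admin_enabled": True,
                "force_password_change": False, "snmp_enabled": True,
                "snmp_version": "v2c"}
HARDENED_PROFILE = {"admin_password_source": "per_device_random",
                    "wan_admin_enabled": False, "snmp_enabled": True,
                    "snmp_version": "v3"}

if __name__ == "__main__":
    for serial, password in provision(["SN0001", "SN0002", "SN0003"]).items():
        print(serial, password)
    for name, profile in (("weak", WEAK_PROFILE), ("hardened", HARDENED_PROFILE)):
        print(name, audit_defaults(profile) or "no findings")
```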
“Let's not be passive,” the anxious Marta urges. “It’s not too late to change the direction of security development for network devices.”