cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
Contributor
1,067 Views
Message 1 of 4

Are the Home Hubs vulnerable to this Security Hole?

Go to solution

UPnP-enabled routers allow attacks on LANs

Routers from various manufacturers support UPnP (Universal Plug and Play) on their WAN interfaces, which apparently makes it possible for attackers to reconfigure them remotely via the internet and, for example, misuse them as surfing proxies or to infiltrate internal LANs. The problem was discovered by IT security specialist Daniel Garcia, who has developed the Umap tool to demonstrate the problem; the tool is available to download free of charge.

 

Umap detects UPnP-enabled end devices such as DSL routers and cable modems on the internet by directly retrieving the devices' XML descriptions. The required URLs and ports for some models are hard-coded into the tool. This enables the software to bypass the usual restriction that only allows UPnP to search for compatible hardware via multicast in local networks. Garcia says that entire device series by Edimax, Linksys, Sitecom or Thomson (SpeedTouch) respond to UPnP requests on their WAN interfaces.

 

Since UPnP isn't designed to include any authentication, the XML description can always be retrieved. Garcia said that, by performing an internet scan, he managed to detect 150,000 potentially vulnerable devices within a short period of time. Once initial contact has been made, the scanner sends such UPnP commands as AddPortMapping or DeletePortMapping to the devices via SOAP requests. LAN devices usually use these commands to access the internet via NAT. However, the devices from the manufacturers in question allow the port to be opened – and redirected to any other LAN device – via the WAN interface. Umap attempts to guess the internal IP address that is required to do so.

 

Source LINK

 

I know the Home Hub 2.0A is a Thomson (SpeedTouch).  Is it vulnerable to this attack and if so when will BT produce an urgent patch to fix it?

0 Ratings
3 REPLIES 3
Highlighted
Contributor
1,019 Views
Message 2 of 4

Re: Are the Home Hubs vulnerable to this Security Hole?

Go to solution

Yep. All Homehubs are vulnerable - or al least the standard BT firmware ones are. 😉

Erlidoch 'm namyn ewyllysi erioed arhosa 'm
Highlighted
Contributor
999 Views
Message 3 of 4

Re: Are the Home Hubs vulnerable to this Security Hole?

Go to solution

Thanks PsiDOC.  This needs to be fixed urgently BT!

0 Ratings
Highlighted
Community Manager - Retired
958 Views
Message 4 of 4

Re: Are the Home Hubs vulnerable to this Security Hole?

Go to solution

Hi All

 

I have been following this up for you and would like to confirm that the software specified in the Hub 2.0a is secure against the attack you mention here.

 

Thx

Kerry

Retired BTCare Community Manager - StephanieG and SeanD are your new Community Managers

If you like a post, or want to say thanks for a helpful answer, please click on the Ratings star on the left-hand side of the post.
If someone answers your question correctly please let other members know by clicking on ’Mark as Accepted Solution’.