<a href="http://www.gnucitizen.org/blog/hacking-the-interwebs">http://www.gnucitizen.org/blog/hacking-the-interwebs</a><br><br>When the victim visits a malicious SWF file, a 4 step ATTACK will
silently execute in the background. At that moment the attacker will
have control over their router, pretty much regardless of its model. <strong>Many of the home routers are vulnerable to this attack as many of them support UPnP to one degree or another.</strong><br clear="all"><br>The attack does not rely on any bugs. Simply put, when two completely legitimate technologies, Flash and UPnP, are combined together, they compose a vulnerability, which exposes many home networks to a great risk. The attack depends on the fact that most, if not all, routers are UPnP enabled. The UPnP SOAP service can be accessed without authorization over the default Web Admin Interface. With the help of Flash, the attacker can send arbitrary SOAP messages to the router's UPnP control point and as such reconfigure the device in order to enable further attacks..
<br><br>The most malicious of all malicious things to do when a device is compromised via the attack described in the link pointed at the top of this email, is to change the primary DNS
server. That will effectively turn the router and the network it
controls into a zombie which the attacker can take advantage of
whenever they feel like it. It is also possible to reset the admin
credentials and create the sort of onion routing network all bad
guys want. Many routers come with Layer3 portforwarding UPnP service. This is also a potential vector that attackers can use. In cases like this, they will simply expose ports behind the router on the Internet facing side.
<br><br><strong></strong><strong>We hope that by exposing this information, we will drastically
improve the situation for the future. I think that this is a lot better
than keeping it for ourselves or risking it all by given the criminals
the opportunity to have in possession a secret which no one else is
aware of.</strong> The best way to protect against this attack is turn off UPnP if your router's Admin Interface allows it. It seams that many routers simply does not have this feature.<br><br>More information on related UPnP research can be found here:
<br><a href="http://www.gnucitizen.org/">http://www.gnucitizen.org/</a><br><a href="http://www.gnucitizen.org/blog/steal-his-wi-fi">http://www.gnucitizen.org/blog/steal-his-wi-fi</a><br><a href="http://www.gnucitizen.org/blog/bt-home-flub-pwnin-the-bt-home-hub-5">
http://www.gnucitizen.org/blog/bt-home-flub-pwnin-the-bt-home-hub-5</a><br><a href="http://www.gnucitizen.org/blog/hacking-with-upnp-universal-plug-and-play">http://www.gnucitizen.org/blog/hacking-with-upnp-universal-plug-and-play
</a><br><br><blockquote><p>GNUCITIZEN is a Cutting Edge, Ethical Hacker Outfit,
Information Think Tank, which primarily deals with all aspects of the
art of hacking. Our work has been featured in established magazines and
information portals, such as Wired, Eweek, The Register, PC Week, IDG,
BBC and many others. The members of the GNUCITIZEN group are well known
and well established experts in the Information Security, Black Public
Relations (PR) Industries and Hacker Circles with widely recognized
experience in the government and corporate sectors and the open source
community.</p>
<p>GNUCITIZEN is an ethical, white-hat organization that doesn't hide
anything. We strongly believe that knowledge belongs to everyone and we
make everything to ensure that our readers have access to the latest
cutting-edge research and get alerted of the newest security threats
when they come. Our experience shows that the best way of protection is
mass information. And we mean that literally!!! It is in the public's
best interest to make our findings accessible to vast majority of
people, simply because it is proven that the more people know about a
certain problem, the better.</p></blockquote>-- <br>pdp (architect) | petko d. petkov<br><a href="http://www.gnucitizen.org">http://www.gnucitizen.org</a> <a href="http://www.hakiri.com">http://www.hakiri.com</a>