Schedule: UPnP: dead simple, or simply deadly?

Field | Value |
---|---|
Speakers | Armijn Hemel |
Day | Sunday |
Room | AW1.126 |
Start time | 17:00 |
End time | 17:45 |
Duration | 00:45 |
Event type | Podium |
Track | Embedded |
Language | English |

One of the protocols in wide use on embedded devices (routers, media players, etcetera) is Universal Plug and Play (UPnP). The protocol was designed by Microsoft in the late 1990s to adapt the plug and play concept, as used for USB on desktop machines, to the world of networked devices. Now, nearly ten years later, there are a lot of devices that use UPnP.
The UPnP protocol enables programs to automatically do a lot of things that would normally need a system administrator, such as opening ports in firewalls in the case of routers. While it is convenient for normal users, it enables a whole range of interesting attacks. The complete lack of authentication, combined with grave programming errors, leads to situations where an attacker can gain complete control over devices, including reconfiguring firewalls and remote code execution. Many exploits were discussed and revealed at the SANE 2006 conference in Delft, The Netherlands, but new exploits keep popping up.
One of the latest exploits takes UPnP hacking to the web, using a Flash program and cross-site scripting.
In this talk I will show why UPnP was developed, where the errors in common implementations are (and the reason why: the ODM development model), why you should care and what you can do to make sure you are not an attractive target. Exploit code will be shown.