Slashdot Mirror


Most Home Routers Vulnerable to Flash UPnP Attack

An anonymous reader noted that some folks at GNU Citizen have been researching UPnP vulnerabilities in home routers, and have produced a Flash SWF file capable of opening ports into your network simply by visiting an unfortunate URL. Looks like Firefox & Safari users are safe for now.

4 of 253 comments

  1. Nothing new, really by Billosaur · · Score: 3, Interesting

    It all hinges on going to a malicious web site. Just like email trojans, if you resist temptation and use some common sense, do you really have to worry about this?

    --
    GetOuttaMySpace - The Anti-Social Network
    1. Re:Nothing new, really by jandrese · · Score: 3, Interesting

      The annoying thing about it is that applications (especially games!) are written these days assuming you're either directly connected or behind a UPnP router. I had a hell of a time trying to get C&C3 working over my BSD-based router because it assumed I was using UPnP.

      --

      I read the internet for the articles.
  2. WHERE $money; PUT $mouth by ronadams · · Score: 3, Interesting

    I don't get the whole turn off SSID and MAC filtering, change default password crap. More often than not Kismet works out the SSID if hidden, MAC can be spoofed using macchanger, and I usually guess people's passwords or look it up on a manufacturer default list. The alternative is to completely crash a router as it just resets with factory defaults and you can completely take over the router.

    I live in Cincinnati, Ohio. You come (wirelessly) break into my router, change the current settings by opening port 1337, and I'll refund the cost of your travel (as determined by hotwire or expedia's fare rates on the day of your travel), and pay you $100 additional, all in cash on the same day.

    It's a SOHO router, but I won't tell you what make/model -- if your prowess is as you claim, you should have no trouble determining that. You may not enter the apartment or inspect any systems currently connected -- but you shouldn't need to. I have no other firewalls, proxy servers, or tricks on the front end of this router -- it's straight from modem to unit. You may have 48 consecutive hours to complete the task.

    Still confident? Email me at radams theatsign tohuw.net and make arrangements.

    --
    Appended to the end of comments you post. 120 chars.
    1. Re:WHERE $money; PUT $mouth by ronadams · · Score: 3, Interesting

      I'm aware of both of those issues. My offer still stands.

      --
      Appended to the end of comments you post. 120 chars.