Description: Universal Plug and Play (UPnP) can be described as a set of networking protocols that allow seamless discovery and communication between UPnP devices. Data sharing capabilities are just the beginning of UPnP's remit; in some cases UPnP devices can actually make configuration changes to one another. The aim is a hassle-free configuration environment that gives its users that "just works" feeling, much like the plug and play technology of the past. However, hassle-free configuration can ultimately mean hassle-free hacking.
This talk is loosely based on a previous BSides talk and aims to give attendees an overall view of UPnP and some of the security issues faced by many devices today. During 2011 a number of interesting issues were discovered. The talk looks at how an attacker can deploy a series of incredibly simple yet effective attacks against a wide range of UPnP devices, such as the routers found in many homes today, and why those very routers are ill-equipped to defend against them. With one simple command it is possible to open an internal port to an external port without authentication and without any stamp in the router's access logs. In some cases it is even possible to disable internet connectivity. These attacks target the very fabric of UPnP's implementation to gain a very real presence on a network.
It's easy to see why many technologically minded people argue for turning this protocol off; however, it is not always as simple as it would first appear. Much of the functionality of very popular devices and applications would be lost, and turning it off is not the most user-friendly process ever invented. With concerns about this same technology being used in smart homes in the future, the threat can only become bigger.
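Because a mapping opened this way leaves no stamp in the router's access logs, one defensive check is to read the router's UPnP port-mapping table and compare it with what the owner set up on purpose. The Python below is an added example, not material from the talk: it parses constructed `GetGenericPortMappingEntry` responses (the UPnP WANIPConnection action that lists mappings), and the allowlist, the sensitive-port set and all sample values are assumptions.

```python
import xml.etree.ElementTree as ET

SENSITIVE_PORTS = {22, 23, 80, 443, 445, 3389}  # assumption: ports worth a second look

def sample_response(ext, proto, iport, client, lease):
    """Build a CONSTRUCTED response body; real ones come from the router."""
    return (
        '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>'
        '<u:GetGenericPortMappingEntryResponse xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">'
        f"<NewExternalPort>{ext}</NewExternalPort><NewProtocol>{proto}</NewProtocol>"
        f"<NewInternalPort>{iport}</NewInternalPort><NewInternalClient>{client}</NewInternalClient>"
        f"<NewEnabled>1</NewEnabled><NewLeaseDuration>{lease}</NewLeaseDuration>"
        "</u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>"
    )

def parse_mapping(xml_text):
    """Collect the New* argument elements, ignoring XML namespaces."""
    fields = {}
    for el in ET.fromstring(xml_text).iter():
        name = el.tag.rsplit("}", 1)[-1]
        if name.startswith("New"):
            fields[name] = (el.text or "").strip()
    return fields

def audit_mapping(m, expected):
    """Findings for one mapping; `expected` = allowed (protocol, ext port, client)."""
    if m.get("NewEnabled", "1") != "1":
        return []
    findings = []
    key = (m["NewProtocol"].upper(), int(m["NewExternalPort"]), m["NewInternalClient"])
    if key not in expected:
        findings.append("unexpected")
    if int(m["NewInternalPort"]) in SENSITIVE_PORTS:
        findings.append("sensitive-port")
    if m.get("NewLeaseDuration", "0") == "0":
        findings.append("permanent")  # lease 0 never expires on its own
    return findings

def audit_table(responses, expected):
    """Map 'PROTO ext->client:port' to findings for every flagged entry."""
    report = {}
    for m in map(parse_mapping, responses):
        label = "{NewProtocol} {NewExternalPort}->{NewInternalClient}:{NewInternalPort}".format(**m)
        if found := audit_mapping(m, expected):
            report[label] = found
    return report

EXPECTED = {("TCP", 51413, "192.168.1.20")}  # constructed allowlist
TABLE = [sample_response(51413, "TCP", 51413, "192.168.1.20", 3600),
         sample_response(3389, "TCP", 3389, "192.168.1.50", 0)]  # constructed table
```

Running `audit_table(TABLE, EXPECTED)` on a schedule and alerting on any non-empty result gives the visibility the router's own logs do not.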
Tags: securitytube, Confidence, hacking, hackers, information security, convention, computer security, bsides-12, bsides-2012
Original Source: http://www.youtube.com/watch?v=jQNBGLHXUOw