[dundee] Abstract for 19th April 2012
Kevin Smith
kevin.smith at thesoftwaresociety.org.uk
Mon Apr 16 08:23:49 UTC 2012
Hi folks,

The next meeting will be presented by Arron Finnon on UPnP at The
Burgh Coffeehouse, Castle Street, Dundee. It will be an 18.30 start as
usual.

Universal Plug and Play protocol (UPnP) can be described as a set of
networking protocols that allow a type of seamless discovery and
communication between other UPnP devices. Data sharing capabilities
are just the beginning of UPnP's remit; in some cases UPnP devices can
actually make configuration changes to one another. The aim is a
type of hassle-free configuration environment, aiming to give its users
that "just works" feeling, much like the plug and play technology of
the past. However, hassle-free configuration can ultimately mean
hassle-free hacking.

This talk is loosely based on a previous BSides talk and aims to give
attendees an overall view of UPnP and some of the security issues
faced by many devices today. During 2011 a number of interesting
issues were discovered. The talk looks at how an attacker can deploy
a series of incredibly simple yet effective attacks against a wide
range of UPnP devices such as routers found in many homes today, and
why those very routers are ill-equipped to defend against them. With
one simple command it is possible to open an internal port to an
external port without authentication or a stamp within the router's
access logs. In some cases it is even possible to disable internet
connectivity. Attacking the very fabric of UPnP's implementation to
gain a very real presence on a network.

It's easy to see why many technologically minded people argue for turning
this protocol off; however, it is not always as simple as it would
first appear. Much functionality of very popular devices and
applications would be lost, in addition to it not being the most user
friendly process to be invented. With concerns about this same
technology in the future being used in smart homes, the threat can only
become bigger.