Friday, July 17, 2009

The Biggest Hole in Your Network

According to research published in The Register yesterday, the biggest security threat in your home/office is your network-attached device (link to report).

The proliferation of devices that connect to the network/internet, such as network printers, wireless cameras, multimedia devices, NAS, etc., has brought with it a new dimension of insecurity we haven't considered before. Moreover, the research shows most manufacturers don't care much about security, and their web interfaces are highly hackable by the simplest methods out there.

Script-kiddie level hacks applied to your device's web interface, such as JavaScript strings in place of user names and cross-site scripting (XSS), can turn your camera into a spy, or have your printer send a copy of every scanned document to an external address.
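To show why a "user name" made of JavaScript works against such an interface, and what the firmware-side fix looks like, here is an added example (not taken from the report or from any vendor's code). The function names and the failed-login log entries are assumptions constructed for illustration.

```javascript
// Added illustration: a device admin page that lists failed logins.
// All names and log entries below are constructed for this example.

// Constructed sample: the second "user name" is markup, not a name.
const failedLogins = [
  { time: "2009-07-16 21:04", user: "admin" },
  { time: "2009-07-16 21:05", user: "<script>alert(1)</script>" },
];

// Weak pattern: text typed at the login prompt is concatenated into HTML,
// so it runs in the administrator's browser when the log page is opened.
function renderLogUnsafe(entries) {
  return entries
    .map((e) => "<tr><td>" + e.time + "</td><td>" + e.user + "</td></tr>")
    .join("\n");
}

// Encode the five characters that are significant in HTML text and attributes.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hardened pattern: every stored field is encoded at the point of output.
function renderLogSafe(entries) {
  return entries
    .map((e) => "<tr><td>" + escapeHtml(e.time) + "</td><td>" + escapeHtml(e.user) + "</td></tr>")
    .join("\n");
}

// Regression check a firmware test suite could run:
// does any raw angle bracket survive inside a table cell?
function containsActiveMarkup(html) {
  const cells = html.match(/<td>([\s\S]*?)<\/td>/g) || [];
  return cells.some((c) => /[<>]/.test(c.slice(4, -5)));
}

console.log("unsafe page carries markup:", containsActiveMarkup(renderLogUnsafe(failedLogins)));
console.log("safe page carries markup:  ", containsActiveMarkup(renderLogSafe(failedLogins)));
```

The same encoding has to be applied to every field the device stores from the network (host names, file names, share names), not only to login names.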

The report does not name names (sadly), but hints that 4 out of the 5 big NAS manufacturers have been negligent in their duty to protect your data. The full results of the research will be presented later this month at the Black Hat security conference in Las Vegas (meaning that pretty soon, every hacker on Earth will hear about this).

We can only hope that device manufacturers take the research to heart and publish updates to their software and firmware that block such simple attacks. What I know of some of the players, though, suggests it would take a long time for them to do so, if at all - there's no money in fixing things.

In the meantime, I recommend using your router to make sure network-attached devices are not accessible to the outside world. If you must access them, DO NOT use their built-in web interfaces; use a secure protocol like VPN or SSH instead.
