[ISN] Webcams, printers, gizmos - the untold net threats

From: InfoSec News <alerts_at_private>
Date: Fri, 17 Jul 2009 03:41:29 -0500 (CDT)
http://www.theregister.co.uk/2009/07/16/buggy_web_interface_peril/

By Dan Goodin in San Francisco
The Register
16th July 2009

Forget mis-configured Apache servers and vulnerability-laden Adobe 
applications. The biggest security threats to business and home networks 
may be the avalanche of webcams, printers, and other devices that ship 
with embedded web interfaces that can easily be turned against their 
masters.

The web interfaces are designed to make it easy to manage the devices by 
allowing people to use a readily familiar medium to change settings such 
as file names and IP addresses. But there's a catch: The low-cost 
gadgets were never designed to withstand attacks, even though they 
interact with some of the most sensitive parts of a computer network, 
says a team of researchers at Stanford University that tested 21 devices 
made by 16 different manufacturers.

"We didn't find a single secure device," said Hristo Bojinov, a PhD 
candidate at Stanford's Computer Security Lab, who plans to present the 
findings later this month at the Black Hat security conference in Las 
Vegas. "It tells us that it's a long tail that's completely overlooked 
right now."

The device that posed the highest number of threats was NAS, or 
network-attached storage, units, which were susceptible to all five 
attack classes considered in the study.

[...]


_______________________________________________      
Attend Black Hat USA, July 25-30 in Las Vegas, 
the world's premier technical event for ICT security experts.
Network with 4,000+ delegates from 50 nations.  
Visit product displays by 30 top sponsors in 
a relaxed setting. http://www.blackhat.com
Received on Fri Jul 17 2009 - 01:41:29 PDT

This archive was generated by hypermail 2.2.0 : Fri Jul 17 2009 - 01:59:23 PDT