Quote:
Originally Posted by Nikolas
What does that mean in layman's terms? All I read was It gibberish
Hi Nik,
An increasing number of appliances come with Ethernet or WiFi connectivity.
A good example is a network connected printer.
Normally these devices are only exposed to your local intranet.
However, some devices can be configured to be remotely accessible
through the Internet as well.
For example, APC is a well-known manufacturer of Uninterruptible
Power Supplies (UPSs). Some higher-end models have networking
capability and can be configured to be accessed remotely.
Perhaps one is in a remote observatory that the owner can receive alerts
from if the mains power fails.
One vulnerability exists in some of these UPSs. An attacker can gain access
to the internal network via the UPS.
The software module within these devices that provides networking
capability is referred to as a TCP/IP stack. There are many sources of
TCP/IP stacks. However, some equipment manufacturers purchased
TCP/IP stacks from a company called Treck Inc. to embed within their
own products. The stacks from Treck Inc. are the ones found to have
multiple vulnerabilities.
As a rule of thumb, if you have a device that can be configured to be
accessible remotely over the internet, treat it with suspicion if you have
configured it to do so. Ask yourself, do you really need to access it remotely?
Though it is not directly related to the Treck TCP/IP stack exploit, in
particular it is prudent to treat IP security cameras with suspicion.
Many households and organizations equip themselves with security
cameras that they can then monitor remotely. Apart from the potential
of being "hijacked" by an outsider, if the software that was embedded in
them in the first place contains a backdoor or trojan horse, it can result
in not only the camera's images being accessed by a third party, but
make all other devices including computers on the same network
vulnerable.
Also treat Internet of Things (IoT) devices with their own embedded WiFi hubs
with suspicion. For example, a quick scan of access points on my smartphone
reveals neighbours running multiple IoT devices. I have no idea what they are
specifically, but for example might be IP cameras or some form of home automation.
Though the "lock" icon shows they are secure using WPA-2 or some other WiFi security
mechanism, they are a good example of the type of device that may have a vulnerability.
WiFi devices that provide WPS as the security mechanism these days are regarded as vulnerable.
Don't run WPS.