-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathrss.xml
166 lines (166 loc) · 35.7 KB
/
rss.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
<?xml version="1.0" encoding="utf-8"?>
<rss version="2.0" xml:base="https://blog.avuln.com" xmlns:dc="http://purl.org/dc/elements/1.1/">
<channel>
<title>AVULN Blog</title>
<link>https://blog.avuln.com</link>
<description></description>
<language>en</language>
<item>
<title>A couple more common OAuth 2.0 vulnerabilities </title>
<link>https://blog.avuln.com/article/4</link>
<description><div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even" property="content:encoded"><p><strong>TL;DR</strong> The couple of bugs described below are common across different OAuth 2.0 implementations. The bugs may allow a malicious application to maintain an access to victim's account even after access revocation performed by the victim. </p>
<p><!--break--></p>
<p> </p>
<p><span style="font-size: large;"><strong>1. Race Condition for <span style="font-family: 'courier new', courier;">access_token</span> / <span style="font-family: 'courier new', courier;">refresh_token</span> generation</strong></span></p>
<p>According to any OAuth 2.0 API documentation and to <a href="https://tools.ietf.org/html/rfc6749">OAuth 2.0 RFC</a>, when an application (<span style="font-family: 'courier new', courier;">client</span> in terms of OAuth) obtains <span style="font-family: 'courier new', courier;">code</span> value from OAuth 2.0 Provider (i.e. the moment when user authorizes an application), this value should be exchanged for <span style="font-family: 'courier new', courier;">access_token</span>. It seems to be obvious that <strong>one</strong> <span style="font-family: 'courier new', courier;">code</span> <strong>value should be exchanged for one</strong> <span style="font-family: 'courier new', courier;">access_token</span> (or for a single pair of <span style="font-family: 'courier new', courier;">access_token</span> and <span style="font-family: 'courier new', courier;">refresh_token</span>, if resresh tokens are supported). Also RFC contains quite explicit requirements about that:</p>
<p>1) <a href="https://tools.ietf.org/html/rfc6749#section-4.1.2">https://tools.ietf.org/html/rfc6749#section-4.1.2</a>:</p>
<blockquote><p><em><span style="font-family: 'courier new', courier;"> If an authorization code is used more than</span></em></p>
<p><em><span style="font-family: 'courier new', courier;"> once, the authorization server MUST deny the request and SHOULD</span></em></p>
<p><em><span style="font-family: 'courier new', courier;"> revoke (when possible) all tokens previously issued based on</span></em></p>
<p><em><span style="font-family: 'courier new', courier;"> that authorization code. The authorization code is bound to</span></em></p>
<p><em><span style="font-family: 'courier new', courier;"> the client identifier and redirection URI.</span></em></p>
</blockquote>
<p>2) <a href="https://tools.ietf.org/html/rfc6749#section-10.5">https://tools.ietf.org/html/rfc6749#section-10.5</a>:</p>
<blockquote><p><em><span style="font-family: 'courier new', courier;"> Authorization codes MUST be short lived and single-use. If the</span></em></p>
<p><em><span style="font-family: 'courier new', courier;"> authorization server observes multiple attempts to exchange an</span></em></p>
<p><em><span style="font-family: 'courier new', courier;"> authorization code for an access token, the authorization server</span></em></p>
<p><em><span style="font-family: 'courier new', courier;"> SHOULD attempt to revoke all access tokens already granted based on</span></em></p>
<p><em><span style="font-family: 'courier new', courier;"> the compromised authorization code.</span></em></p>
</blockquote>
<p>However, most of OAuth 2.0 providers we've tested either didn't have that mechanism or had a race condition bug in it. Due to that, many of the provides had authorization issues.</p>
<p> </p>
<p><strong>Proof Of Concept</strong></p>
<p>0) register an application with OAuth 2.0 provider you're going to test</p>
<p>1) open link to authorize the application</p>
<p>2) log into user (i.e. victim) account and Authorize the application</p>
<p>3) obtain <span style="font-family: 'courier new', courier;">code</span> value from callback URL</p>
<p>4) try to exploit Race Condition for obtaining <span style="font-family: 'courier new', courier;">access_token</span>:</p>
<pre class="brush: php; auto-links: true; collapse: false; first-line: 1; html-script: false; smart-tabs: true; tab-size: 4; toolbar: true; codetag">#!/bin/bash
for i in {0..20}
do
curl --data "code=$1&amp;client_id=CLIENT_ID&amp;client_secret=CLIENT_SECRET&amp;redirect_uri=CALLBACK_URL&amp;grant_type=authorization_code" "https://OAUTH_PROVIDER/oauth/token" &amp;
done
# where $1 is code value (first parameter passed to the script)</pre><p>5) please note that you may have to do several attempts to explot the race condition </p>
<p>6) if several <span style="font-family: 'courier new', courier;">access_token</span> values obtained, check whether each of them is valid</p>
<p>7) go to application settings for victim's account and revoke access for the application</p>
<p>8) check whether all <span style="font-family: 'courier new', courier;">access_token</span> values became invalid; if only one <span style="font-family: 'courier new', courier;">access_token</span> has been revoked and all the rest stay active -- this is the worst case</p>
<p> </p>
<p>PoC for <span style="font-family: 'courier new', courier;">refresh_token</span> is similar to the one just described, but on step 4 you may legally obtain <span style="font-family: 'courier new', courier;">access_token</span> and <span style="font-family: 'courier new', courier;">refresh_token</span> pair. Then you need to exploit Race Condition for<span style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 15px; font-style: normal; line-height: 1.625;"> </span><span style="font-size: 15px; line-height: 1.625; font-family: 'courier new', courier;">reshresh_token</span><span style="font-size: 15px; line-height: 1.625;"> request the same way:</span></p>
<pre class="brush: php; auto-links: true; collapse: false; first-line: 1; html-script: false; smart-tabs: true; tab-size: 4; toolbar: true; codetag">#!/bin/bash
for i in {0..20}
do
curl --data "refhresh_token=$1&amp;client_id=CLIENT_ID&amp;client_secret=CLIENT_SECRET&amp;redirect_uri=CALLBACK_URL&amp;grant_type=refresh_token" "https://OAUTH_PROVIDER/oauth/token" &amp;
done
# where $1 is refresh_token value (first parameter passed to the script)</pre><p>Explotation of Race Condition for <span style="font-family: 'courier new', courier;">refresh_token</span> is more dangerous than for <span style="font-family: 'courier new', courier;">access_token</span>, as usually there is no way for an attacker to fail. Each exploitation gives at least one new <span style="font-family: 'courier new', courier;">refresh_token</span> value that may be used later. So, number of token pairs grows exponentially, if provider is vulnerable.</p>
<p> </p>
<p><strong>Statistics</strong></p>
<ul><li><strong>32</strong> OAuth 2.0 providers tested</li>
<li><strong>26</strong> out of 32 had race condition bug:</li>
<ul><li><strong>5</strong> providers returned the same <span style="font-family: 'courier new', courier;">access_token</span> value for successful competing requests -&gt; <strong>good behavior</strong></li>
<li><strong>1</strong> provider generated different <span style="font-family: 'courier new', courier;">access_token</span> values, but only one token is valid -&gt; <strong>not bad behavior</strong></li>
<li><strong>20</strong> providers generated different <span style="font-family: 'courier new', courier;">access_token</span> values and all of them were valid -&gt; <strong>bad behavior</strong>, as it violates the RFC + unexpected flaws caused by multiple tokens/contexts generation are possible</li>
<ul><li><strong>10</strong> out of 20 providers had issues with revocation of access (step 8 from the PoC succeeded for them) -&gt; <strong>the worst case</strong>: a victim sees that access is revoked, but malicious application still has access to victim's account</li>
</ul></ul></ul><p> </p>
<p><span style="font-size: large;"><strong>2. Missing invalidation of authorization <span style="font-family: 'courier new', courier;">code</span> during access revocation</strong></span></p>
<p>Another issue which is common for multiple OAuth 2.0 implementations. It is not race condition bug. It is a logical error caused by misunderstanding of some "states" in OAuth 2.0 flow.</p>
<p>OAuth 2.0 API makes it possible for users to grant access to their accounts to some third-side applications. Of course, users are able to manage such applications' access to their accounts and may deny access for any application. When user denies access for the application, all <span style="font-family: 'courier new', courier;">access_token</span> values (and <span style="font-family: 'courier new', courier;">refresh_token</span> as well) are being revoked and become invalid. But not only <span style="font-family: 'courier new', courier;">access_token </span>should be revoked, authorization <span style="font-family: 'courier new', courier;">code</span> (it is an intermediate token used in OAuth2 Authorization Flow) must be revoked as well. Sadly, most of OAuth2 API implementations do not revoke authorization <span style="font-family: 'courier new', courier;">code</span> during access revocation. It may be exploited in order to restore access to user's account by malicious application right after access revocation.</p>
<p> </p>
<p><strong style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 15px; font-style: normal;">Proof Of Concept</strong></p>
<p style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 15px; font-style: normal;">0) register an application for OAuth 2.0 provider you're going to test</p>
<p style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 15px; font-style: normal;">1) open link for authorization of the application</p>
<p style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 15px; font-style: normal;">2) log into user (i.e. victim) account and Authorize the application</p>
<p style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 15px; font-style: normal;">3) obtain <span style="font-family: 'courier new', courier;">code</span> value from callback URL</p>
<p style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 15px; font-style: normal;">4) obtain <span style="font-family: 'courier new', courier;">access_token</span>, check its validity if you wish</p>
<p style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 15px; font-style: normal;">5) open link for authorization again (i.e. repeat step 1)</p>
<p style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 15px; font-style: normal;">6) most of providers support automatic redirect to callback URL on this stage (also there may be additional parameters for that in URL: like <span style="font-family: 'courier new', courier;">force_approval</span> or <span style="font-family: 'courier new', courier;">approval_prompt</span> or some checkbox in applications settings), this makes exploitation easier; otherwise, Authorize the application manually</p>
<p style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 15px; font-style: normal;">7) copy <span style="font-family: 'courier new', courier;">code</span> value from callback URL and save it for furture usage</p>
<p style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 15px; font-style: normal;">8) <span style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 15px; font-style: normal; line-height: 1.625;">go to application settings page for </span>victim<span style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 15px; font-style: normal; line-height: 1.625;">'s account and revoke access for the application</span></p>
<p style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 15px; font-style: normal;"><span style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 15px; font-style: normal; line-height: 1.625;">9) ensure that <span style="font-family: 'courier new', courier;">access_token</span> obtained on step 4 is invalidated</span></p>
<p style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 15px; font-style: normal;"><span style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 15px; font-style: normal; line-height: 1.625;">10) exchange <span style="font-family: 'courier new', courier;">code</span> value from step 7 for new <span style="font-family: 'courier new', courier;">access_token</span>, check whether new <span style="font-family: 'courier new', courier;">access_token</span> is valid</span></p>
<p style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 15px; font-style: normal;"><strong> </strong></p>
<p><span style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 15px; font-style: normal; font-weight: 300;">If new </span><span style="font-family: 'courier new', courier;">access_token</span><span style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 15px; font-style: normal; font-weight: 300;"> is valid, that means </span>malicious application still has access to user's account even after revocation of authorization by the user.</p>
<p> </p>
<p>For real attack scenario it is important to mention the following:</p>
<p>a) it seems that step 5 requires interaction from user, actually it is not necessary</p>
<p>b) authorization code obtained via callback has certain lifetime, but it is not an issue as well</p>
<p> </p>
<p>Malicious application that does not want to lose access to the user's account needs to place on its web site something like:</p>
<pre class="brush: php; auto-links: true; collapse: false; first-line: 1; html-script: false; smart-tabs: true; tab-size: 4; toolbar: true; codetag">&lt;html&gt;
&lt;img src="https://OAUTH_PROVIDER/authorize?client_id=CLIENT_ID&amp;client_secret=CLIENT_SECRET&amp;redirect_uri=CALLBACK_URL&amp;scope=SOME_SCOPE&amp;response_type=code"&gt;
&lt;/html&gt;</pre><p>Such code will "silently" produce new authorization code each time it has been loaded by the user. Check the traffic or contents of access.log on the callback server while opening a page with the html-snippet listed above:</p>
<pre class="brush: php; auto-links: true; collapse: false; first-line: 1; html-script: false; smart-tabs: true; tab-size: 4; toolbar: true; codetag">root@server:/var/log/nginx# tail -f access.log
&lt;...&gt;
&lt;IP hidden&gt; - - [16/Apr/2015:13:08:56 +0000] "GET /callback?state=0123456789abcdef&amp;code=xlDxVYdnJlsAAAAAAAAFQDUmzla7P8Jg9fM2rNxwP8U HTTP/1.1" 200 14 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36"</pre><p>As you see, the malicious application has just obtained new <span style="font-family: 'courier new', courier;">code</span> value that would not be revoked when user clicks "Delete Authorization".</p>
<p> </p>
<p><strong>Statistics</strong></p>
<ul><li><strong>29</strong> OAuth 2.0 providers tested</li>
<li><strong>18</strong> out of 29 of them had the issue</li>
</ul><p>3 OAuth providers tested for the first issue are not included in statistics for the second one (32 - 29 = 3), as they had even bigger issues with access revocation: it was either not implemented at all or was not accessible by user.</p>
<p> </p>
<p><strong>Summary</strong></p>
<ul><li><span style="font-size: 15px; line-height: 1.625;">read and understand RFCs and standards very attentively, many bugs are caused by bad implementation, not by bad requirements</span></li>
<li style="font-size: 15px;"><span style="font-size: 15px; line-height: 1.625;">be extremely careful when you develop multi-threaded applications</span></li>
<li><span style="font-size: 15px; line-height: 1.625;">being a user, do not grant access to unknown apps </span>:)</li>
</ul><p> </p>
</div></div></div><div class="field field-name-field-tags field-type-taxonomy-term-reference field-label-above"><div class="field-label">Tags:&nbsp;</div><div class="field-items"><div class="field-item even" rel="dc:subject"><a href="/tags/oauth" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">oauth</a></div><div class="field-item odd" rel="dc:subject"><a href="/tags/oauth20" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">oauth2.0</a></div><div class="field-item even" rel="dc:subject"><a href="/tags/race-condition" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">race condition</a></div><div class="field-item odd" rel="dc:subject"><a href="/tags/accesstoken" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">access_token</a></div><div class="field-item even" rel="dc:subject"><a href="/tags/refreshtoken" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">refresh_token</a></div></div></div></description>
<pubDate>Mon, 18 Sep 2017 13:58:53 +0000</pubDate>
<dc:creator>Dor1s</dc:creator>
<guid isPermaLink="false">4 at https://blog.avuln.com</guid>
<comments>https://blog.avuln.com/article/4#comments</comments>
</item>
<item>
<title>AVULNATOR prototype in action!</title>
<link>https://blog.avuln.com/article/3</link>
<description><div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even" property="content:encoded"><p>Recently, we have presented the first prototype of AVULNATOR ever. The announcement took place at Positive Hack Days conference in Moscow.</p>
<p>Now it is time to publish a bit more information about the first prototype of AVULNATOR to our blog. Additional bonus here is Proof-of-Concept video at the end of the article.</p>
<p>Well, there is no doubts that AVULNATOR is a revolutionary device for home network protection and its prototype should has some touchable appearance. Honestly, its first piece has not incredible design and awesome look <span style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 15px; font-style: normal; line-height: 1.625;">yet</span><span style="font-size: 15px; line-height: 1.625;">; however, it looks pretty hardcore right now being packed in our handmade case :)</span></p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" src="/sites/default/files/files-storage/avulnator_prototype_1.jpg" alt="" width="1200" height="972" /></p>
<p>Speaking about functionality of the AVULNATOR, to use its prototype right now you need just to do the following two steps:</p>
<ol><li><span style="font-size: 15px; line-height: 1.625;">Connect AVULNATOR to your home router (or to ISP cable, in case you do not use your own router)</span></li>
<li><span style="font-size: 15px; line-height: 1.625;">Set up your smart electronic devices to be connected to AVULNATOR’s wireless network</span></li>
</ol><p>That is all what you need to do. For some smart devices also may be needed to add their models at AVULNATOR’s control panel. Check PoC video at the end of the post to ensure how easy it is.</p>
<p>Since you connected your devices, AVULNATOR starts to protect them against any possible cyberattacks. According to <strong>OWASP: IoT Security Checklist</strong> originally contributed by <a href="https://wallarm.com/">Wallarm Inc.</a> experts, AVULNATOR supports all possible threat models considered so far:</p>
<p><img src="/sites/default/files/files-storage/competitors_ok.PNG" alt="" width="1200" height="577" /></p>
<p>It is a very good point. While choosing any sort of protection, one should clearly understand which kind of attacks and threats he is going to mitigate. Protection against highly theoretical threats (like external attack via direct connection to smart electronics) is meaningless, because in more than 99% of cases such attacks are not possible. As a result, there is no reason to pay for this.</p>
<p> </p>
<p>Below is Proof-of-Concept video of how the prototype works. There you can see interface of AVULNATOR's control panel and demonstration of its protection in action. Initially, protection is turned off (“<em>Security status</em>” option). Then a public exploit for one of smart devices is used to get root access to the device. Further, we enable security status of AVULNATOR and check exploit again. Enjoy.</p>
<p style="text-align: center;">
<iframe src="https://player.vimeo.com/video/132646597" frameborder="0" width="500" height="313"></iframe></p>
<p style="text-align: center;"><a href="https://vimeo.com/132646597">AVULNATOR: Proof of Concept video</a> from <a href="https://vimeo.com/avuln">AVULN Security Industries</a> on <a href="https://vimeo.com">Vimeo</a>.</p>
<p> </p>
</div></div></div><div class="field field-name-field-tags field-type-taxonomy-term-reference field-label-above"><div class="field-label">Tags:&nbsp;</div><div class="field-items"><div class="field-item even" rel="dc:subject"><a href="/tags/avulnator" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">avulnator</a></div><div class="field-item odd" rel="dc:subject"><a href="/tags/internet-things" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">internet of things</a></div><div class="field-item even" rel="dc:subject"><a href="/tags/iot" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">IoT</a></div><div class="field-item odd" rel="dc:subject"><a href="/tags/smart-house" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">smart house</a></div><div class="field-item even" rel="dc:subject"><a href="/tags/home" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">home</a></div><div class="field-item odd" rel="dc:subject"><a href="/tags/poc" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">PoC</a></div></div></div></description>
<pubDate>Mon, 06 Jul 2015 11:15:21 +0000</pubDate>
<dc:creator>Dor1s</dc:creator>
<guid isPermaLink="false">3 at https://blog.avuln.com</guid>
<comments>https://blog.avuln.com/article/3#comments</comments>
</item>
<item>
<title>My home is my castle… or no longer?</title>
<link>https://blog.avuln.com/article/2</link>
<description><div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even" property="content:encoded"><p>From ancient times <em>home</em> is associated with safe and quiet place. Seems like soon it can be changed.</p>
<p>Recently <em>Forbes</em> published an article about <a href="http://www.forbes.com/sites/aarontilley/2015/03/06/nest-thermostat-hack-home-network/">possible vulnerabilities in Nest Thermostat</a>. Vulnerability looks unexploitable in practice because physical access to the device is required. However, it is easy to imagine some distributor’s employee or a serviceman getting access to your device and then getting control of it. </p>
<p>Nest Thermostat is a great device and now treated as one of the most secure, according to Forbes. The same thing cannot be said about other “Internet of Things” stuff:</p>
<ul><li><a href="https://threatpost.com/researcher-discloses-wi-fi-thermostat-vulnerabilities/108434">https://threatpost.com/researcher-discloses-wi-fi-thermostat-vulnerabilities/108434</a></li>
<li><a href="http://www.securityfocus.com/archive/1/534774">http://www.securityfocus.com/archive/1/534774</a></li>
<li><a href="http://www.cheatsheet.com/technology/usb-drive-to-smart-home-which-of-your-devices-can-be-hacked.html/?a=viewall">http://www.cheatsheet.com/technology/usb-drive-to-smart-home-which-of-your-devices-can-be-hacked.html/?a=viewall</a></li>
<li>and so on</li>
</ul><p><em>IoT</em>-era is only raising now. Importance of information security acknowledged now better than ever. Despite that, between comfort and security, we always prefer comfort. Usually comfort has nothing in common with security. It is why creating incredible and high-quality products is so difficult and require many resources for vendors.</p>
<p style="text-align: left;">Currently serious cybersecurity threats for our homes are related not only with innovative devices. Most of all widely spread routers for home <a href="http://www.cvedetails.com/vendor/899/D-link.html">have</a> <a href="http://www.cvedetails.com/vendor/1414/Utstarcom.html">so</a> <a href="http://www.cvedetails.com/vendor/3447/Asus.html">many</a> <a href="http://www.cvedetails.com/vendor/1369/Belkin.html">different</a> <a href="http://www.cvedetails.com/vendor/859/Zyxel.html">vulnerabilities</a>. <a href="http://www.cvedetails.com/vendor/11936/Tp-link.html">Yeah</a>. Hackers exploit such security holes, as <a href="http://krebsonsecurity.com/2015/02/spam-uses-default-passwords-to-hack-routers/">KrebsOnSecurity reports</a>, and <a href="https://threatpost.com/lizard-squads-ddos-for-hire-service-built-on-hacked-home-routers/110341">do it very successful</a>.</p>
<p>An attacker controlling your router may control all your traffic. Such evil thing affects not only your privacy, but also makes another threats become actual. Sure, you have already heard about <em>HTTPS</em> (HTTP over SSL/TLS) which made to protect traffic against eavesdropping. News, especially recent news reveal that it is not perfect at all: <a href="http://heartbleed.com/">Heartbleed</a>, <a href="http://poodlebleed.com/">POODLE</a>, <a href="https://freakattack.com/">FREAK</a>, what’s next? Also <a href="http://thehackernews.com/2015/02/lenovo-superfish-malware.html">some vendors give good opportunities to hack their customers</a>.</p>
<p>Vulnerabilities in home routers along with software holes in endpoint devices make very easy to steal your money from online-banking or your private photos from cloud storage.</p>
<p>If somebody is not sure of the possibility of practical implementation of such threats, <a href="https://ctfcrew.org/writeup/97">this write-up</a>, for example, may serve as a proof of concept. It is not a hacking tutorial; it is just solution of one task from a hacking contest. But it really shows step-by-step how to realize attack very similar to the one described above.</p>
<p>May be it looks hard for a normal user, but actually it is very easy to implement.</p>
<p>Hackers are thieves. Default-password is like an opened door to your home. Out-of-date software is like an opened window.</p>
<p>Should we be scared? No. We must be extremely attentive now to prevent our families and folks from trouble. It really matters. We should carefully use opportunities of modern technologies and fully understand (when it’s possible) what we do each time using the Internet.</p>
<p>To help you with that, we at <em>AVULN Security Industries</em> are developing <a href="https://avuln.com/forhome">AVULNATOR</a>. The device that will block malicious traffic incoming to your home network and other malware activity. AVULNATOR will be always up-to-dated because of our distributed cloud-based monitoring system. Read more at our <a href="https://avuln.com/forhome">AVULNATOR</a> page.</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" src="/sites/default/files/files-storage/protect.png" alt="" width="300" height="300" /></p>
<p style="text-align: center;">Pre-oder does not require payment, but gives your 10% off discount.</p>
<p style="text-align: center;">Placing pre-order now, you help us make AVULNATOR cheaper.</p>
</div></div></div><div class="field field-name-field-tags field-type-taxonomy-term-reference field-label-above"><div class="field-label">Tags:&nbsp;</div><div class="field-items"><div class="field-item even" rel="dc:subject"><a href="/tags/avulnator" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">avulnator</a></div><div class="field-item odd" rel="dc:subject"><a href="/tags/internet-things" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">internet of things</a></div><div class="field-item even" rel="dc:subject"><a href="/tags/iot" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">IoT</a></div><div class="field-item odd" rel="dc:subject"><a href="/tags/smart-house" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">smart house</a></div><div class="field-item even" rel="dc:subject"><a href="/tags/home" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">home</a></div></div></div></description>
<pubDate>Thu, 12 Mar 2015 12:21:43 +0000</pubDate>
<dc:creator>Dor1s</dc:creator>
<guid isPermaLink="false">2 at https://blog.avuln.com</guid>
<comments>https://blog.avuln.com/article/2#comments</comments>
</item>
</channel>
</rss>