/home
In May 2006 I presented a paper called "Universal Plug and Play: Dead simple or
simply deadly" at the SANE 2006
conference in Delft, The Netherlands (awarded with the best paper award),
where I discussed a lot of security problems with the Universal Plug and Play
protocol and quite a few UPnP implementations.
In the last few years
very little has changed. A lot of routers are still shipped with grave security
bugs, including involuntary onion routing, remote root exploits and complete
remote control over firewalls. New exploits are popping up, where bugs in
Universal Plug and Play are exploited using a buggy Flash plugin in a web
browser, turning a mostly local attack into something a lot more dangerous. And
that is just the beginning.
Disclaimer
This site is not a cracking site, but meant as a platform to tell about my research of security risks that exist in UPnP implementations that are running on millions of devices, that many people have as a central hub in their network and completely trust and to increase awareness about these risks, so the devices will get fixed and we will have a slightly safer Internet.
News
18 Oct 2009: [Site updates] Site updates...or lack thereof
As people who have been visiting this site might have noticed: not much has changed since March. I have not had too much free time since then to work on this, but I hope that towards the end of ... (read more)
5 Mar 2009: [General] UPnP eventing research
The research report by Joeri Blokhuis about hacking UPnP eventing on two devices was published (PDF).
(read more)4 Mar 2009: [IGD hacking] Conficker and UPnP
It appears that the Conficker worm uses UPnP to open ports in firewalls. I'm wondering if they have worked around all the quirks in the stacks ;-)
(read more)3 Feb 2009: [General] ELCE talk online (video)
A video of my UPnP talk at ELCE 2008 about abusing UPnP has been posted online at the Free Electrons website.
(read more)28 Jan 2009: [General] Wrapping up 'hacking eventing' project
Joeri Blokhuis, a student at OS3, is currently wrapping up his research about hacking the eventing system in a few UPnP devices. Although no shocking things have... (read more)
4 Jan 2009: [General] Project: hacking eventing
Starting tomorrow Joeri Blokhuis, a student at OS3 will start looking into possible vulnerabilities in the eventing system of various UPnP stacks.
(read more)3 Jan 2009: [Site updates] Frequently Asked Questions page added
The holiday season gave me some time to finally write a proper FAQ page. You can find the link in the menu.
(read more)29 Dec 2008: [Site updates] Code release soon
I'm currently documenting and cleaning up some of the Python code I use for performing checks. As soon as I am done I will release it (hopefully in early January).
(read more)23 Nov 2008: [Rants] Why routers will be next
Everybody is always giving Microsoft a hard time regarding security. Especially many Linux die-hard fans are convinced that everything Microsoft does is bad and Linux is safer, just because it i... (read more)
16 Nov 2008: [Site updates] Embedded Linux Conference Europe 2008 slides online
I've put the slides of my talk at the Embedded Linux Conference Europe online. You can find them in the 'Downloads' section.
(read more)9 Oct 2008: [A/V hacking] Trying to hack TVs - report
Recently I went to NXP (formerly Philips Semiconductors) to sit down with Jan Brands, one of their security researchers. He had scavenged the NXP offices for UPnP enabled devices, mostly TVs fro... (read more)
25 Sep 2008: [Talks] NLUUG autumn conference/Embedded Linux Conference Europe 2008
The program for the NLUUG autumn conference and Embedded Linux Conference Europe has been posted and registration has started. On November 7 I will give a talk about abusing UPnP.
(read more)