Millions of smart devices at risk from 3-year-old flaw

Pierluigi Paganini December 04, 2015

According to Trend Micro up to 6.1 million smart devices, including this smart TV and routers haven’t patched a software vulnerability dating from 2012.

Millions of smart TVs, routers and phones are at risk due to a presence of a 3-year-old vulnerability in a software they use. According to the experts at Trend Micro, the security flaw hasn’t been patched by many vendors despite the availability of a patch since 2012.

“A total of 6.1 million devices – smart phones, routers, smart TVs – are currently at risk to remote code execution attacks due to vulnerabilities that have been fixed since 2012.” wrote Veo Zhang, a mobile threats analyst at Trend Micro. “The vulnerabilities exist in the Portable SDK for UPnP™ Devices, also called libupnp. This particular library is used to implement media playback (DLNA) or NAT traversal (UPnP IGD). Apps on a smartphone can use these features to play media files or connect to other devices within a user’s home network.”

Trend Micro discovered that 547 apps that use an unpatched version of the software component, 326 are available in Google’s Play app store and most of the apps are very popular and used by million users. One of the affected apps is QQMusic that is distributed by Tencent, the company promptly released an update for the Android app on Nov. 23 after the disclosure of the news.

“These are very popular apps that put millions of users in danger; aside from mobile devices, routers, and smart TVs are all at risk as well,” he added.

We discussed several times about smart devices, aka IoT devices, and their capability to gather and share huge quantities of information, including sensitive data, raising serious concerns in term of privacy.

Our surface of attack is enlarging as never before, both in workplace and in the private life, experts in the security industry sustain that the majority of IoT vendors doesn’t adopt a security by design approach. It is quite common to find smart objects poorly configured or affected by critical security flaws.

In this specific case emerges the inability of manufacturers to implement an efficient patch management. Million of vulnerable devices, such as routers and smart TVs, are exposed on the Internet.

The experts at Trend Micro confirmed that threat actors are already attacking these vulnerable devices, exploiting the flaws the attackers would take complete control of the targeted system.

Once identified a vulnerable device, an attacker can send a specially crafted packet to trigger a buffer overflow. In the code below, the TempBuf buffer can overflow and cause a crash.

smart devices scan

“With further research an exploit could be used not just to cause a crash, but to run arbitrary code on an affected device. The ability to run arbitrary code would give the attacker the ability to take control of the device, as on a PC.” continues the post. “We have seen exploits in the wild targeting devices that do not use mitigation protections such stack canaries, DEP, and ASLR. For well protected systems, we do not know of exploits that are currently capable of remote code execution.”

The security vulnerability affects the ‘libupnp’ code library inside the Portable SDK for UPnP Devices, it is used to playback media and also for NAT functionalities.

Below a list of the most popular affected apps:

Common Name Package Name
AirSmartPlayer com.gk.airsmart.main
Big2Small com.alitech.dvbtoip
CameraAccess plus jp.co.pixela.cameraaccessplus
G-MScreen mktvsmart.screen
HexLink Remote (TV client) hihex.sbrc.services
HexLink-SmartTV remote control com.hihex.hexlink
Hisense Android TV Remote com.hisense.commonremote
Netflix com.netflix.mediaclient
nScreen Mirroring for Samsung com.ht.nscreen.mirroring
Ooredoo TV Oman com.ooredootv.ooredoo
PictPrint – WiFi Print App – jp.co.tandem.pictprint
qa.MozaicGO.Android Mozaic GO
QQMusic com.tencent.qqmusic
QQ音乐HD com.tencent.qqmusicpad
Smart TV Remote com.hisense.common
Wifi Entertainment com.infogo.entertainment.wifi
モバイルTV(StationTV) jp.pixela.px01.stationtv.localtuner.full.app
에브리온TV (무료 실시간 TV) com.everyontv
多屏看看 com.letv.smartControl
海信分享 com.hisense.hishare.hall

 

Pierluigi Paganini

(Security Affairs – smart devices, libupnp library)



you might also like

leave a comment