Misconfigured Networks Vulnerable to PewDiePie Prank

  • 6 December 2018
  • 42 replies
  • 4139 views



Yet.
With SMBv1 enabled at that time, I wasn't even exposed to the 'Wannacry' attacks back then. I suppose that's due to the router's built-in firewall doing its job.
UPnP is used for two things here: the first is the way Sonos devices communicate with each other. It is absolutely required. The "dangerous" UPnP is when routers allow their configurations to be changed via UPnP, to open ports in particular. Devices such as Xbox like to do this in order to produce "open nats" for better multi-player, and security NVR systems use it to allow you to view your videos from the internet at large. However, allowing any device on your local network to control your router is hazardous, and I would recommend everyone disable that UPnP feature.
As I said, Sonos didn't work properly until I enabled UPnP in the router; that was back in 2013. So what to do in such a case? On the other hand, I am neither a gamer nor do I own a CCTV system.
Comcast leverages all their Comcast modems to provide XFINITY Wi-Fi. In other words, if you have Comcast then you are subsidizing their XFINITY Wi-Fi network by providing free bandwidth through your Wi-Fi. Of course they make more money off of XFINITY, which is a separate and distinct service from the regular Comcast package. How they covertly enable XFINITY through the modem/router/WAP is unclear. I wonder how many of these hacked Sonoses were on Comcast's ISP.
Virgin Media in the UK does something similar with its cable network. In Virgin's case, the bandwidth does not come out of the subscriber's bandwidth allowance (they reserve an extra 20Mb/s), and the network access provided is entirely separate from the internal domestic network -- as it should be. It's also optional.

I think it's highly unlikely that the XFINITY service has been exploited for these attacks.
Comcast leverages all their Comcast modems to provide XFINITY Wi-Fi. In other words, if you have Comcast then you are subsidizing their XFINITY Wi-Fi network by providing free bandwidth through your Wi-Fi. Of course they make more money off of XFINITY, which is a separate and distinct service from the regular Comcast package. How they covertly enable XFINITY through the modem/router/WAP is unclear. I wonder how many of these hacked Sonoses were on Comcast's ISP.
Which is why I use a modem and separate router on my Xfinity connection, rather than a combination device. I don't want to subsidize their hotspot network (enough of my neighbors do already) and I want full control of my router/firewall.

The XFINITY hotspot network has nothing to do with this Sonos issue. Sonos devices can't even use it because of the username/password login that is required. But for more info, that network is completely separate from your own network. It uses a separate service code over Comcast's network, separate bandwidth from your own service, and a separate IP address range too.
As I said, Sonos didn't work properly until I enabled UPnP in the router; that was back in 2013. So what to do in such a case? On the other hand, I am neither a gamer nor do I own a CCTV system.

I'd try turning it off and see if your Sonos still works; if it does, leave it off. If it doesn't, submit a diagnostic and contact Sonos support for assistance in getting things working properly.
Thanks, Stanley, but I have no problems with the Sonos system and I don't mind leaving UPnP turned on. I try to keep everything up-to-date and I believe that that is a dependable precautionary measure.
Or technically, Sonos. I think it's incredibly kind of them to take on the onus of helping you fix your system, as was offered in the post by Ryan S above.




When a person states that they have a router in use other than the one issued by the ISP, this "usually" means that the router in use was set up by a "tech" person, and in general most routers, no matter the brand, come out of the box with no "open" ports until they are set up to be open through CLI or GUI, so Sonos is NOT doing anything to help by blaming other products. It is the backbone of the API of Sonos that is causing this.
I'm confused. You say the router is misconfigured by someone, and yet you are blaming Sonos, who doesn't do any router configuration.

You're confused because you're not paying attention. I never said it was misconfigured; I said even if a "tech" set up a personal (other than ISP) router, the ports on routers (unless the routers themselves are P.O.S.'s, which can be the case) by default are all closed unless the "tech" opens them through CLI or GUI. UPnP systems are designed with "special" circumstances. Sonos has a backdoor into all of their players through their API; this has been exploited... Sonos is just as confused by this as you are.
You're confused because you're not paying attention. I never said it was misconfigured; I said even if a "tech" set up a personal (other than ISP) router, the ports on routers (unless the routers themselves are P.O.S.'s, which can be the case) by default are all closed unless the "tech" opens them through CLI or GUI. UPnP systems are designed with "special" circumstances. Sonos has a backdoor into all of their players through their API; this has been exploited... Sonos is just as confused by this as you are.
I'm not surprised that @Airgetlam is confused. You seem to be saying -- in a very confusing manner -- that Sonos devices somehow configure routers to open up UPnP or API access to the open Internet. This is categorically not the case.


You guys seem to have comprehension issues, here we go: What I said was the UPnP or API of Sonos has a vulnerability that is being exploited, where did you ever see that I said Sonos configured anything???? Let me say it again, just in case you aren't understanding me, S-O-N-O-S has a vulnerability that has been exposed and it is in their API or UPnP and this exposure appears to be linked to crappy routers with weak UPnP protocols.
Let me say it again, just in case you aren't understanding me, S-O-N-O-S has a vulnerability that has been exposed and it is in their API or UPnP and this exposure appears to be linked to crappy routers with weak UPnP protocols.

Where is this "Sonos vulnerability" of which you speak? 95% of its features are through UPnP APIs, as are many other devices. There is no vulnerability there. Any device API becomes vulnerable when users somehow configure their routers to expose their home networks to the internet at large. It's like leaving your front door open, then complaining when someone walks in that front door and runs off with your "vulnerable" TV.
I agree and there is no point anyone blaming things like a 'crappy router' etc. Network security is (and always will be) down to the network owner/administrator. There are plenty of things on the market to help keep a LAN secure. Sonos cannot be held to account for other people’s own failures. The Sonos devices are designed to run on a 'secure' network, not one which has vulnerabilities, nor one that is incorrectly configured by its owner.

I have still not seen any such report that a Sonos System is now vulnerable on a correctly secured network.
My two cents....

Also, when setting up a home network one should always make sure it broadcasts as Private behind your router. Here are the IP address sequences as private: https://www.lifewire.com/what-is-a-public-ip-address-2625974

As is explained in the link, Public IP Address sequences are 1 to 191. If your devices show an IP Address as such, you are open to the public and/or hacking! :@


Be careful, this is not quite true. The article is correct, but the point that IP addresses starting 1 to 191 are all public is not correct.

Simply put, if your network DHCP server is handing out addresses in the following ranges, they are private:

10.0.0.0 to 10.255.255.255
172.16.0.0 to 172.31.255.255
192.168.0.0 to 192.168.255.255

The vast majority of addresses outside of these ranges are public addresses.

So a 10.x.x.x address is private.
A 172.27.x.x address is private.

As a general rule of thumb, addresses that start with:
10
169
172
192

are internal. There are exceptions, but generally they are OK.

But then it still is not as simple as this, as you can have port forwarding, DMZ or NAT configured.

Best to scan your home network from a respected security service, e.g. ShieldsUP!... others are available.
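
The private ranges listed in the post above, checked by exact range rather than by first octet. This is an added example, not part of the original thread; the function names and sample addresses are constructed for illustration, and the link-local, carrier-grade NAT and loopback blocks go beyond the three ranges the post lists.

```python
import ipaddress

# The first entry holds the three private ranges listed in the post (RFC 1918);
# the others are further IPv4 blocks that are not publicly routable.
NON_PUBLIC = {
    "rfc1918-private": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"],
    "link-local": ["169.254.0.0/16"],      # self-assigned when DHCP fails
    "cgnat-shared": ["100.64.0.0/10"],     # carrier-grade NAT (RFC 6598)
    "loopback": ["127.0.0.0/8"],
}
NETWORKS = [(label, ipaddress.ip_network(cidr))
            for label, cidrs in NON_PUBLIC.items() for cidr in cidrs]

# The post's rule of thumb: a leading octet of 10, 169, 172 or 192 is internal.
RULE_OF_THUMB = {10, 169, 172, 192}


def classify(addr):
    """Return the block label for an IPv4 address, or 'public'."""
    ip = ipaddress.IPv4Address(addr)
    for label, net in NETWORKS:
        if ip in net:
            return label
    return "public"


def rule_says_internal(addr):
    """Apply the first-octet rule of thumb to a dotted-quad string."""
    return int(addr.split(".")[0]) in RULE_OF_THUMB


def audit(addresses):
    """Rows of (address, exact class, whether the rule of thumb agrees)."""
    rows = []
    for addr in addresses:
        label = classify(addr)
        rows.append((addr, label, rule_says_internal(addr) == (label != "public")))
    return rows


# Constructed sample addresses, chosen to sit on either side of each boundary.
SAMPLE = ["10.0.0.5", "172.27.1.10", "172.32.0.1", "192.168.1.20",
          "192.167.255.255", "169.254.10.1", "169.1.2.3", "100.64.3.7", "8.8.8.8"]

if __name__ == "__main__":
    for addr, label, agrees in audit(SAMPLE):
        note = "" if agrees else "  <- first-octet rule gets this wrong"
        print(f"{addr:<16} {label:<16}{note}")
```

A private address on a device says nothing about port forwards or DMZ settings on the router, which is why an outside-in scan is still needed.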
