The attack is based around a stack overflow error in a proprietary piece of software called NetUSB. The major flaw was discovered by Stefan Viehbock of SEC Consult Vulnerability Lab, according to ITProPortal.
NetUSB is used by WiFi routers to provide access to devices such as USB external hard drives or printers connected to the router. You can then access them over the network from any device in your home, a feature that a large proportion of the population are likely to have used.
NetUSB begins by authenticating that your computer is safe, requesting that the computer’s name is sent to the router so that it can be validated. Unfortunately, this “authentication check” actually goes horribly wrong if it fails.
NetUSB expects the name to be no longer than 64 characters in length but users are able to customise the name of their computers using tools built-in to the operating system in Windows and OS X. This means that NetUSB could receive a name that is longer than 64 characters.
When that happens, the buffer used to retrieve the name over the Internet overflows. The code begins to execute in low-level kernel mode and from this point forward the router is open to hijacking and attack.
With the kernel exposed and open, hackers could force it to run malicious code by corrupting the stack, raising the prospect of gaining remote control of the device or looking through the contents of the network. Stack buffer overflows often destabilise devices too so the router could operate erratically or persistently crash.
NetUSB is used by a very wide variety of router manufacturers including D-Link, Netgear and TP-Link. Only TP-Link has responded so far with a patch for all 40 of its products.
NetUSB’s developers have not yet acknowledged the issue and Viehbock says that they have only sent him “nonsensical responses” to his detailed vulnerability analysis and proof of concept code which he gave to them in February.
