The Intercept hat die falsche Darstellung zum NDG-Referendum korrigiert – Vermögen in Deutschland: Parallelwelt der Reichen
Jetzt hat's die UPC-Plasterouter erwischt…
From: Hacking Corporation Sàrl <releases@hackingcorp.ch> Date: 26 January 2016 at 15:29:13 GMT+1 To: fulldisclosure@seclists.org Subject: [FD] HCA0005 - Liberty Global - Horizon HD STB - predictable WiFi ---------------------------------------------------------------------------- Advisory ID: HCA0005 - http://hackingcorp.ch/advisories/HCA0005.pdf Product: Horizon HD / WiFi Vendor: Liberty Global plc companies (Unitymedia GmbH, UPC Cablecom, ...) Affected Version(s): unknown Tested Version(s): current Vulnerability Type: Weak WiFi passphrase generation Risk Level: Medium Vendor Notification: 2015-05-14 Public Disclosure: 2016-01-25, patch ready (and validated by HC) CVE Reference: Not assigned Author of Advisory: Iván Almuiña <ivan.almuina and domain hackingcorp.ch> Document date: 2015-05-14 initial version sent to Liberty Global plc Document update: 2016-01-14 censored version for public disclosure Credits: Iván Almuiña for finding the vulnerability and developing the PoC Special Thanks: Nicolas Oberli for cleaning up the Proof-of-Concept ---------------------------------------------------------------------------- Description ---------------------------------------------------------------------------- The current model of the Horizon HD device sold by Liberty Global companies (Unitymedia GmbH, UPC Cablecom, etc. We are not aware of all their companies that sell this Set-Top Box around the world.) uses a weak default SSID/WPA2 passphrase generator. This vulnerability allows an attacker to predict – in a matter of seconds and offline – the default WPA2 passphrase based on the default SSID. By default, the latter is set as UPC24 or UPC50 followed by 7 digits (i.e. UPC241234567).
(Danke, Lix!)
publiziert Wed, 27 Jan 2016 22:43:46 +0100 #exploits #plasterouter