Questargon

CallStranger - Exploitable UPnP vulnerability in millions of devices

8 hours ago, BlueScope819 said:

Could someone possibly make an "idiots guide to scanning your local network"? This is my first time using Python, I just tried and windows CLI told me python3 was not a command that existed. Thanks.

HA! I got it working natively under Windows 10.

 

It all starts with:

 

1) Download the python script from https://github.com/yunuscadirci/CallStranger/archive/master.zip
2) Unpack it into a directory of your choice.

 

WINDOWS 10 natively:

 

Use these steps:

 

3) Install Python 3.8 from the Microsoft Store.

4) Open a PowerShell or cmd (I used an Administrator PowerShell for this, but I am not sure whether you really need it).

5) Install pip using the script provided here: https://www.liquidweb.com/kb/install-pip-windows/

6) Execute the following commands on the shell:

cd [to the directory called "CallStranger-master"]
pip install --upgrade pip
pip install -r requirements.txt
python3 setup.py install --local
python3 CallStranger.py

See COMMON NOTES FOR ALL OF THE ABOVE below if the script does not detect anything on the first run.

 

WINDOWS 10 using Cygwin:

 

(Alternatively) It IS possible to run that script on a Windows machine, but ... well ... it uses a Linux subsystem ^_^; You can use Cygwin for that, see https://www.cygwin.com/.

 

3) Download the Cygwin setup program: https://www.cygwin.com/setup-x86_64.exe
4) Follow the instructions and, when selecting packages to install, select the following additional packages:

   * cygwin-gcc-core
   * python36-devel
   * python36-pip
   * python36-cffi
   * python36-openssl
   * mingw64-x86_64-openssl
   * libffi-devel

(I hope I didn't miss anything here.)

 

Set up your Python stuff:

 

5) Open the freshly installed Cygwin Shell (Called Cygwin64 Terminal in the Start Menu).

6) Enter the following:
 

cd [into the directory "CallStranger-master" you unpacked from the zip above. That might start with /cygdrive/c/ under cygwin!]
pip3 install --upgrade pip
pip3 install -r requirements.txt
python3 setup.py install
python3 CallStranger.py

See COMMON NOTES FOR ALL OF THE ABOVE below if the script does not detect anything on the first run.

 

Windows 10 using WSL / WSL 2:

 

The WSL for Windows will NOT work because it is usually configured as a virtual machine with a NAT, so the Linux there will run on another, encapsulated network. If you know how to run WSL in the same network as the Windows machine, you're good to go.

 

Windows 10 using VMware Player (or similar):

Another possibility would be to run a Linux in a VM that a free tool like VMware Player provides. The only thing to remember here is to connect this VM directly to your network via "bridge" and avoid using NAT.

 


 

When Linux is installed, temporarily stop your firewall with

sudo systemctl stop firewalld

or it might block all UPnP access from within your Linux VM.

 

COMMON NOTES FOR ALL OF THE ABOVE:

 

The first run of CallStranger.py will likely NOT provide you with any results. Try to connect with your Windows machine to at least one UPnP-enabled device and then run CallStranger.py again. (The UPnP device that did the trick for me was my minidlna service on my Linux server. I connected my VLC Player to it and played some music while CallStranger.py was running.)

 

Hth,

questargon
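
Added example, not part of questargon's post or of the CallStranger project: a Python check of whether any UPnP device answers SSDP discovery from the machine the scanner runs on, which is the reachability the NAT, bridge and firewall notes above are about. It only lists the description URLs that devices advertise and does not test for the vulnerability; the function names and the 3-second timeout are assumptions of this example.

```python
import socket

SSDP_GROUP = ("239.255.255.250", 1900)  # standard SSDP multicast address and port

def build_msearch(search_target="ssdp:all", mx=2):
    """Return the bytes of an SSDP M-SEARCH discovery request."""
    return (f"M-SEARCH * HTTP/1.1\r\nHOST: {SSDP_GROUP[0]}:{SSDP_GROUP[1]}\r\n"
            f'MAN: "ssdp:discover"\r\nMX: {mx}\r\nST: {search_target}\r\n\r\n'
            ).encode("ascii")

def parse_ssdp_response(data):
    """Parse one SSDP reply into lower-cased headers; None if it is not a 200 reply."""
    text = data.decode("utf-8", errors="replace")
    head, *rest = text.split("\r\n")
    parts = head.split()
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or parts[1] != "200":
        return None  # e.g. a NOTIFY advertisement or garbage on the port
    headers = {}
    for line in rest:
        name, sep, value = line.partition(":")  # split on the first colon only
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def discover(timeout=3.0):
    """Send one M-SEARCH and return {sender_ip: set of description URLs}."""
    found = {}
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP) as s:
        s.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 2)
        s.settimeout(timeout)
        try:
            s.sendto(build_msearch(), SSDP_GROUP)
            while True:
                data, (ip, _port) = s.recvfrom(65507)
                hdrs = parse_ssdp_response(data)
                if hdrs and "location" in hdrs:
                    found.setdefault(ip, set()).add(hdrs["location"])
        except OSError:  # timeout (no more replies) or no usable network
            pass
    return found

if __name__ == "__main__":
    devices = discover()
    for ip, urls in sorted(devices.items()):
        print(ip, *sorted(urls))
    if not devices:
        print("No SSDP replies: check for NAT (WSL, non-bridged VM) or a host firewall.")
```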


13 minutes ago, Shorty88jr said:

Can anyone do a sanity check for me. So if I understand this right even having UPnP disabled at the router level does nothing?

Never said that. He asked if there was anything else to do, like updating and I said blocking all traffic except for whitelisted stuff is the best way to protect against attacks.

Disabling UPnP at your gateway is enough to protect you against UPnP flaws on home networks, because it stops it from opening ports for incoming connections.
If you're on a public network, disable UPnP on your devices.

 

16 minutes ago, Shorty88jr said:

Does having a DSL modem/router combo in modem only mode and passed to pfsense system for the actual router part have any vulnerabilities on the modem side?

Depends on the manufacturer's implementation of the modem-only mode. I prefer using it as a router and configuring it manually instead of relying on ISP default settings (which usually are hot garbage). If your pfsense router is the gateway, then disable UPnP on it.


As far as I'm concerned UPnP is itself a vulnerability and should be kept disabled at the router level, so this doesn't concern me.  I'd recommend anyone interested follow a similar protocol, especially with this new news.  For everyone else who doesn't keep up with tech and runs everything with default settings, this will unfortunately only add to the long list of security issues with IoT devices.

4 hours ago, gabrielcarvfer said:

Never said that. He asked if there was anything else to do, like updating and I said blocking all traffic except for whitelisted stuff is the best way to protect against attacks.

Disabling UPnP at your gateway is enough to protect you against UPnP flaws on home networks, because it stops it from opening ports for incoming connections.
If you're on a public network, disable UPnP on your devices.

 

Depends on the manufacturer's implementation of the modem-only mode. I prefer using it as a router and configuring it manually instead of relying on ISP default settings (which usually are hot garbage). If your pfsense router is the gateway, then disable UPnP on it.

OK, thanks for the info. I thought disabling it at router level would fix this and figured I had misread something. Which is perfectly fine; I consider UPnP itself a security issue and it should always be turned off.

1 hour ago, Ryan_Vickers said:

As far as I'm concerned UPnP is itself a vulnerability and should be kept disabled at the router level, so this doesn't concern me.  I'd recommend anyone interested follow a similar protocol, especially with this new news.  For everyone else who doesn't keep up with tech and runs everything with default settings, this will unfortunately only add to the long list of security issues with IoT devices.

Scanned my 20 some odd IoT devices locally, only found one set of issues and that was all with my Sonos speaker. I don't have any UPnP enabled and in fact I cannot even enable it since the ASA doesn't do that :P 
