Overview
The DSP-W215 Rev. A1 contains a flaw that allows a malicious user to cause an overflow (a halt in the executing application) in the device software, which allows access to its operating system and allows unauthenticated commands to be executed.
References
Craig @ /dev/ttyS0 - Link
Description
In order to maintain author's intent and accuracy of the disclosure please read at:
This product was released in May 2014. The mobile application required to install and use the device will notify the user to upgrade immediately when patches become available.
The author discovered the exploits by inspecting the firmware and recognizing how the mobile applications utilize the Home Network Administration Protocol (HNAP) to configure the smart plug.
By accessing the device application for the plug through the HNAP protocol, a malicious user can access device information without authenticating. Once this information is disclosed, an exploit can be pushed to the device, crashing the application and giving the malicious user access to the core operating system to perform further exploits. This can lead to the device being reconfigured and/or becoming unstable.
Since the product is an application on the LAN side of your home network, the malicious user would have to have exploited the home network or have direct access to the network on which the device is located.
This device does not utilize a web-based configuration interface; it is dependent on the mobile applications, which we encourage you to use for updates. In the event you would like to manually update the product, a link below is available with the new firmware. Upgrading manually using the provided instructions requires significant technical skill. Our technical support call centers will not be able to help you with manual upgrades, only with mobile application upgrades should you need help.
Due to the nature of the attack(s) described by the author and the rootkit provided by the disclosure. As the author had commented, the vulnerabilities would require access to the LAN until the most recent disclosure, which takes advantage of a CSRF vulnerability.
D-Link will require an extended period of time to develop the necessary counter-measures for these vulnerabilities. We have beta firmware under certification tests, but will not offer it through the mobile application till it has passed completely.
Our recommendation is to utilize the device remotely only through the mobile application and mydlink. Do not allow remote access to the device through your firewall for any reason, and do not allow PC browsers to access the device directly if the browser requests it.
The D-Link Smartplug mobile application will notify users when a fix/upgrade is available. The user will be able to upgrade by simply confirming the device upgrade.
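As an added example (not part of D-Link's advisory or the original disclosure), the following sketch audits an HTTP request log for HNAP traffic to the plug that goes against the recommendation above. The log format, IP addresses, client names and the `audit_hnap` function are constructed for illustration, and the `/HNAP1/` path is the usual HNAP endpoint, which is an assumption because this page does not state it.

```python
import ipaddress
from urllib.parse import urlparse

# Constructed sample log. Assumed format, one request per line:
# time  source  destination  method  path  referer  user-agent
SAMPLE_LOG = """\
2014-05-20T10:00:01 192.168.0.23 192.168.0.60 POST /HNAP1/ - mydlink-app
2014-05-20T10:02:17 192.168.0.41 192.168.0.60 POST /HNAP1/ http://example.test/page.html Mozilla/5.0
2014-05-20T10:05:44 203.0.113.9 192.168.0.60 POST /HNAP1/ - curl/7.30
2014-05-20T10:06:02 192.168.0.41 192.168.0.1 GET /index.html - Mozilla/5.0
2014-05-20T10:07:30 192.168.0.77 192.168.0.60 GET /HNAP1/ - python-requests
"""


def audit_hnap(log_text, plug_ip, lan_cidr, app_clients):
    """Return (line_no, reason) for HNAP requests to the plug that
    go against the advisory's guidance."""
    lan = ipaddress.ip_network(lan_cidr)
    findings = []
    for n, line in enumerate(log_text.splitlines(), 1):
        parts = line.split(None, 6)
        if len(parts) < 7:
            continue  # malformed or truncated line
        _, src, dst, _method, path, referer, _agent = parts
        # Only HNAP requests addressed to the smart plug are of interest.
        if dst != plug_ip or not path.upper().startswith("/HNAP1"):
            continue
        try:
            src_addr = ipaddress.ip_address(src)
        except ValueError:
            continue  # source field is not an IP address
        if src_addr not in lan:
            # The advisory says not to allow remote access through the firewall.
            findings.append((n, "source outside the LAN reached the plug"))
        elif referer != "-" and urlparse(referer).hostname != plug_ip:
            # A Referer from another site means a browser page issued the
            # request, the pattern the CSRF disclosure relies on.
            findings.append((n, "browser request originating from another site"))
        elif src not in app_clients:
            # Only the phones running the mobile application are expected.
            findings.append((n, "LAN host that is not a known mobile-app client"))
    return findings


if __name__ == "__main__":
    for line_no, reason in audit_hnap(
            SAMPLE_LOG, "192.168.0.60", "192.168.0.0/24", {"192.168.0.23"}):
        print(f"line {line_no}: {reason}")
```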
Affected Product
| Model Name | HW Version | Current FW Version | New FW Version for this exploit fix |
|---|---|---|---|
| DSP-W215 | A1 | v. 1.09 and older | FW: 1.10 (Use Mobile Application to Update); iOS: iTunes; Android: Google Play |
Security patch for your D-Link Devices
These firmware updates address the security vulnerabilities in affected D-Link devices. D-Link will update this continually and we strongly recommend all users to install the relevant updates.
As there are different hardware revisions of our products, please check the revision of your device before downloading the corresponding firmware update. The hardware revision information can usually be found on the product label on the underside of the product, next to the serial number. Alternatively, it can also be found in the device web configuration.