OFFICIAL CONFERENCE VIDEOS HAVE BEEN RELEASED

HITBSecConf2008 - Malaysia (Day 1)

HITBSecConf2008 - Malaysia (Day 2)

Registration for HITBSecConf2009 - Dubai is also now open.

Jonathan Squire (Founder, Big Brain Labs)

Filed under: Main Page — Administrator @ 12:45 pm

Presentation Title: A Fox in the Hen House - UPnP IGD
Presentation Abstract:

Easy is the mantra of consumer devices these days. “Just plug it in and it works. No configuration needed.” All this simplicity hopefully causes one to pause and wonder, how is this possible?

This presentation will demonstrate the dangers of the often overlooked Universal Plug and Play (UPnP) Internet Gateway Device (IGD) profile. UPnP IGD is commonly enabled on modern home cable modem/wireless routers. UPnP IGD allows applications such as games and chat clients to request needed port forwards without the user’s intervention. Many of these routers do not even display these port mappings in their administrative interfaces.

In this presentation we will walk the audience through the simple steps needed to modify the port mappings on a common wireless router and discuss some of the potential attacks that can be performed. Sample code will be demonstrated that dynamically adds and removes port forwarding rules from the router to expose internal services to the internet. This simple attack is performed without any need for authentication and the new forwarding rules generally aren’t visible in the web interface of the router.
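Because these mappings often never appear in the router's web interface, a defender has to read them from the IGD service itself. The sketch below is an added example, not code from the presentation. It assumes the gateway's `GetGenericPortMappingEntry` responses have already been collected; the sample responses, the allowlist and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Output arguments of the IGD GetGenericPortMappingEntry action.
FIELDS = {"NewRemoteHost", "NewExternalPort", "NewProtocol", "NewInternalPort",
          "NewInternalClient", "NewEnabled", "NewPortMappingDescription",
          "NewLeaseDuration"}

def sample_response(proto, ext, client, port, enabled, lease):
    """Build a constructed SOAP response (sample data, not from a real device)."""
    args = {"NewRemoteHost": "", "NewExternalPort": ext, "NewProtocol": proto,
            "NewInternalPort": port, "NewInternalClient": client,
            "NewEnabled": enabled, "NewPortMappingDescription": "",
            "NewLeaseDuration": lease}
    body = "".join(f"<{k}>{v}</{k}>" for k, v in args.items())
    return ('<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>'
            '<u:GetGenericPortMappingEntryResponse '
            'xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">'
            f"{body}</u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>")

def parse_mapping(xml_text):
    """Extract the mapping fields, ignoring XML namespaces."""
    # Use a hardened parser (e.g. defusedxml) if the gateway itself is untrusted.
    entry = {}
    for el in ET.fromstring(xml_text).iter():
        name = el.tag.rsplit("}", 1)[-1]
        if name in FIELDS:
            entry[name] = (el.text or "").strip()
    return entry

def audit(responses, expected):
    """Return enabled mappings whose (protocol, external port) is not expected."""
    findings = []
    for xml_text in responses:
        m = parse_mapping(xml_text)
        if m.get("NewEnabled") != "1":
            continue
        key = (m["NewProtocol"].upper(), int(m["NewExternalPort"]))
        if key in expected:
            continue
        notes = []
        if not m["NewRemoteHost"]:
            notes.append("open to any remote host")
        if m["NewLeaseDuration"] == "0":
            notes.append("no lease expiry")
        findings.append((*key, m["NewInternalClient"], int(m["NewInternalPort"]), notes))
    return findings

SAMPLES = [sample_response("UDP", 3074, "192.168.1.20", 3074, 1, 3600),
           sample_response("TCP", 2222, "192.168.1.10", 22, 1, 0),
           sample_response("TCP", 8080, "192.168.1.5", 80, 0, 0)]
EXPECTED = {("UDP", 3074)}  # hypothetical allowlist of mappings the owner knows about
```

Calling `audit(SAMPLES, EXPECTED)` reports only the enabled TCP 2222 forward to the internal SSH port, the kind of entry the abstract says the administrative interface would not show.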

About Jonathan

Jonathan Squire is a founding member of the Information Security Group of a well-known publishing and media company. While working at his day job, Jonathan is credited with accomplishments that include developing an Information Security model for the enterprise, architecting a secure, centralized credit card processing solution, and guiding the design of the security infrastructure deployed throughout many customer-facing properties. Mr. Squire is also responsible for providing direction in governance and industry best practices. In his spare time, Jonathan is known to enjoy disassembling any piece of technology that cost more than $20 just to find out what else it can do. This propensity for abusing technology is easily witnessed by viewing the buckets of broken parts strewn throughout his basement as well as the creations that rise from the rubble.



Event Organizer


Hack In The Box (M) Sdn. Bhd.

Supported & Endorsed By




Malaysian National Computer Confederation


Multimedia Development Corporation


Supporting Media:

Virus Bulletin

InfoSec News

XAKEP (Russia)

Supporting Organizations


Professional Information Security Association - Hong Kong









Special Interest Group in Security & Information InteGrity Singapore