SSH Vulnerabilities Still Active from Over a Decade Ago
Recent DDoS attacks have shown how important, yet how insecure, IoT devices really are. They are in use in a great many households across the US, handling a wide range of tasks and functions. The issue is that security has not been fully considered for these devices or built into the engineering process.
Although the DDoS use is bad enough, there is much more to be concerned about. Attackers are also exploiting a vulnerability, dubbed SSHowDowN Proxy, that turns the IoT device into a proxy for these attacks. This differs somewhat from the Mirai attacks in that it targets NAS devices, video surveillance IoT, satellite antenna equipment, networking devices, and other equipment.
This works so well because of a configuration flaw in OpenSSH (CVE-2004-1653) that was found in 2004 and patched in 2005. The vulnerable default configuration allows TCP forwarding and therefore port bounces. While this vulnerability is 12 years old, it is still encountered in the industry on IoT devices. Vendors shipping the default configuration and hard-coding credentials into the devices have allowed them to be attacked and successfully breached.
People and businesses don't want their equipment to be part of a bot army. To remove the potential for this to be breached, the factory default settings should be changed. SSH should also be disabled.
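The following audit script is an added example and is not part of the original article. It shows why an untouched factory configuration is exposed: OpenSSH applies its compiled-in default (`AllowTcpForwarding yes`, the setting behind CVE-2004-1653) whenever the directive is simply absent from `sshd_config`, so a vendor image that never mentions forwarding is still open to port bouncing. The script parses a configuration the way sshd does (case-insensitive keywords, first occurrence wins, directives under a `Match` block treated as conditional) and reports every directive that differs from a hardened value. The hardened values, the inclusion of `PasswordAuthentication` as a stand-in for the hard-coded credential problem, and both sample configurations are assumptions constructed for this example.

```python
"""Audit an sshd_config for the forwarding defaults behind CVE-2004-1653."""
import re
from typing import Dict, List

# Compiled-in OpenSSH defaults for the directives this audit covers.
# An absent directive takes its default, so a config that never mentions
# AllowTcpForwarding is still open to the port-bounce abuse of CVE-2004-1653.
DEFAULTS = {
    "allowtcpforwarding": "yes",
    "gatewayports": "no",
    "permittunnel": "no",
    "passwordauthentication": "yes",
}

# Values a hardened IoT sshd should carry (assumption made for this example;
# PasswordAuthentication stands in for the hard-coded credential problem).
HARDENED = {
    "allowtcpforwarding": "no",
    "gatewayports": "no",
    "permittunnel": "no",
    "passwordauthentication": "no",
}

# Constructed sample: a vendor image that never touched the forwarding defaults.
FACTORY_DEFAULT_CONFIG = """\
# factory sshd_config (constructed for this example)
Port 22
Protocol 2
PermitRootLogin yes
Subsystem sftp /usr/lib/openssh/sftp-server
"""

# Constructed sample: the same image with the defaults overridden explicitly.
HARDENED_CONFIG = """\
# hardened sshd_config (constructed for this example)
Port 22
AllowTcpForwarding no
GatewayPorts no
PermitTunnel no
PasswordAuthentication no
Match User backup
    # conditional on the Match criteria, so not a global setting
    AllowTcpForwarding yes
"""


def parse_sshd_config(text: str) -> Dict[str, str]:
    """Return the effective global value of each directive in the config.

    Mirrors sshd's rules: keywords are case-insensitive, the first occurrence
    of a directive wins, '#' starts a comment, and either whitespace or '='
    may separate keyword and value. Everything after the first 'Match' line
    applies only when the Match criteria hold, so it is not read as global.
    """
    effective: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            break
        effective.setdefault(key, value)  # first occurrence wins
    return effective


def audit(text: str) -> List[str]:
    """List directives whose effective value differs from the hardened value."""
    effective = parse_sshd_config(text)
    findings: List[str] = []
    for key, want in HARDENED.items():
        value = effective.get(key)
        source = "explicit" if value is not None else "default"
        if value is None:
            value = DEFAULTS[key]
        if value.lower() != want:
            findings.append(f"{key}: {value} ({source}); expected {want}")
    return findings


if __name__ == "__main__":
    for name, cfg in (("factory default", FACTORY_DEFAULT_CONFIG),
                      ("hardened", HARDENED_CONFIG)):
        print(f"{name}: {audit(cfg) or ['no findings']}")
```

Run against the factory sample, the audit flags `allowtcpforwarding` and `passwordauthentication` even though neither word appears in the file, which is exactly the trap the article describes. Where SSH cannot be removed from a device entirely, setting `AllowTcpForwarding no` (together with `GatewayPorts no` and `PermitTunnel no`) removes the proxying capability that SSHowDowN relies on; disabling the service, as the article recommends, removes the exposure altogether.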
Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.