HNAP Protocol Vulnerabilities – Pushing The “Easy” Button

Ease and Security Don't Mix

In the eternal quest to create easy ways for systems to communicate with people and other systems, embedded device manufacturers have created new protocols. One of the first was UPnP, or Universal Plug and Play, which has had its share of security problems. The latest protocol to emerge is called HNAP, or Home Network Administration Protocol. Its goal is to "allow advanced programmatic configuration and management by remote entities." The protocols primary purpose is to aid device manufacturers in supporting remote devices such as printers and wireless routers. HNAP allows remote configurations to be both viewed and changed remotely using an HTTP SOAP-based protocol. While this sounds wonderful, someone decided to push the "easy" button:

"HNAP was designed to be a simple, light weight protocol that is easy to implement inside of small cost-constrained hardware such as network routers, cameras and other small devices. Because the protocol is based on existing HTTP-SOAP standards, it is very flexible and easily extensible."

The first phrase that raises a red flag for security-minded people is "simple, light weight". This almost always means that in order to simplify the design to make it "light weight", the first thing to go is security. Further reading of the Cisco Systems whitepaper on HNAP reveals an entire section dedicated to "Protocol Security", which states:

"HNAP leverages the (continue reading...)