Malicious code embedded in Web site can let miscreant map a home or corporate network, attack connected devices.
"We have discovered a technique to scan a network, fingerprint all the Web-enabled devices found and send attacks or commands to those devices," said Billy Hoffman, lead engineer at Web security specialist SPI Dynamics. "This technique can scan networks protected behind firewalls such as corporate networks."
A successful attack could have significant impact. For example, it could scan your home network, detect a router model and then send it commands to enable wireless networking and turn off all encryption, Hoffman said. Or it could map a corporate network and launch attacks against servers that will appear to come from the inside, he said.
"There has been little motivation to explore side-channel attacks such as this one," Vaskovich said. "But a key advantage of the SPI Dynamics vulnerability is that it is difficult to fix without breaking many Web applications. So it may be around for years to come."
"Everything has a Web server these days," Grossman said.
Pings from the host
At BlackHat, Grossman is slated to demonstrate one attack. "We will be showing off how to get the internal IP address, how to scan internal networks, how to fingerprint and how to enter DSL routers," he said. "As we're attacking the intranet using the browser, we're taking complete control over the browser."