UPnP flaw exposes millions of network devices to attacks over the Internet

reader comments

32 with 27 posters participating

Millions of routers, printers, and other devices can be remotely commandeered by a new attack that exploits a security flaw in the Universal Plug and Play network protocol, a researcher said.

CallStranger, as the exploit has been named, is most useful for forcing large numbers of devices to participate in distributed denial of service—or DDoS—attacks that overwhelm third-party targets with junk traffic. CallStranger can also be used to exfiltrate data inside networks even when they’re protected by data loss prevention tools that are designed to prevent such attacks. The exploit also allows attackers to scan internal ports that would otherwise be invisible because they’re not exposed to the Internet.

Billions of routers and other so-called Internet-of-things devices are susceptible to CallStranger, Yunus Çadırcı, a Turkish researcher who discovered the vulnerability and wrote the proof-of-concept attack code that exploits it, wrote over the weekend. For the exploit to actually work, however, a vulnerable device must have UPnP, as the protocol is known, exposed on the Internet. That constraint means only a fraction of vulnerable devices are actually exploitable.

Still unsafe after all these years

The 12-year-old UPnP protocol simplifies the task of connecting devices by allowing them to automatically find each other over a network. It does this by using the HTTP, SOAP, and XML protocols to advertise themselves and discover other devices over networks that use the Internet Protocol.

While the automation can remove the hassle of manually opening specific network ports that different devices use to communicate, UPnP over the years has opened users to a variety of attacks. In

Continue reading – Article source