A new attack on the Universal Plug and Play (UPnP) protocol exposes millions of connected devices to hackers around the world.
A security researcher claims that the new hack exploits an old UPnP vulnerability. The attack takes advantage of an unpatched security flaw that has been on the system for decades. The attack is capable of infecting millions of unsecured devices and forcing them into a botnet.
These botnets are usually the main driver of DDoS attacks. Moreover, DDoS attacks are the hackers' primary tool if they want to take down a website or a particular service. However, this new attack vector can also exfiltrate data even if the target uses various prevention tools.
UPnP CallStranger attack
Security experts simply call the attack CallStranger. The attack takes advantage of a flaw in the UPnP protocol. This particular vulnerability has been left open for many years now.
CallStranger is also capable of scanning internal network ports. This is extremely dangerous because these ports are invisible to remote users, as they are not open to the Internet. By infiltrating these secure ports, hackers can essentially access vital network components and services.
CallStranger: UPnP Flaw Affecting Billions of Devices Allows Data Exfiltration, DDoS Attacks https://t.co/jzRRQ29JQc
— SecurityWeek (@SecurityWeek) June 8, 2020
Turkish security researcher Yunus Cadirci first discovered the vulnerability. The researcher has written a proof-of-concept attack that can exploit this vulnerability.
While this is frightening from a security perspective, a number of conditions must be met for the hack to actually go through. For one, the target must open its ports to Internet access. This particular point essentially cuts down possible targets to just the bare minimum.
A decade-old vulnerability
UPnP is a network protocol that essentially allows for easy data transfer between connected devices. It does so by automatically finding these devices and adding them to the network. This eliminates the daunting task of manually finding a specific port for different devices.
However, this easy-to-use feature is what makes the protocol vulnerable, at least when it connects to the Internet. Early reports about the vulnerability reveal that it exploits code libraries that are common in the User Datagram Protocol.
Some of the earliest exploits of this vulnerability surfaced in 2013. At around this time, more than 81 million devices were made visible on the Internet. What makes the attack terrifying is that the hackers were able to access them even when they were on a private network.
The last reported attack that took advantage of this UPnP vulnerability was in 2018. Security researchers found that the hackers were able to infiltrate 100,000 routers and herd them into a botnet.