New UPNP Flaw

MarcMarc Moderator, Beta Tester Posts: 1,277
100 Answers 1000 Comments 500 Likes 100 Awesomes
Interesting article posted on Ars Technica this morning.

There are a number of discussion in these threads on UPNP and yet another reason to disable it or to keep it disabled.

Millions of routers, printers, and other devices can be remotely commandeered by a new attack that exploits a security flaw in the Universal Plug and Play network protocol, a researcher said.
CallStranger, as the exploit has been named, is most useful for forcing large numbers of devices to participate in distributed denial of service—or DDoS—attacks that overwhelm third-party targets with junk traffic. CallStranger can also be used to exfiltrate data inside networks even when they’re protected by data loss prevention tools that are designed to prevent such attacks. The exploit also allows attackers to scan internal ports that would otherwise be invisible because they’re not exposed to the Internet.
Billions of routers and other so-called Internet-of-things devices are susceptible to CallStranger, Yunus Çadırcı, a Turkish researcher who discovered the vulnerability and wrote the proof-of-concept attack code that exploits it, wrote over the weekend. For the exploit to actually work, however, a vulnerable device must have UPnP, as the protocol is known, exposed on the Internet. That constraint means only a fraction of vulnerable devices are actually exploitable.
Thats Daphnee, she's a good dog...


  • PixelpopperPixelpopper Moderator Posts: 120
    100 Comments 25 Likes Member of the Month 5 Agrees
    UPNP FLAW, I’m not really sure how new this flaw is? Steve Gibson (GRC Research) highlighted major security issues with upnp around 10 years ago and still has plenty of information on how to secure your network, including disabling upnp & netbios wherever possible.
  • MarcMarc Moderator, Beta Tester Posts: 1,277
    100 Answers 1000 Comments 500 Likes 100 Awesomes
    There are many UPNP flaws to which this one was relatively new.  But as you say, its been an issue for some time.
    Thats Daphnee, she's a good dog...
Sign In or Register to comment.