New UPNP Flaw

Marc
Marc Moderator, Beta Tester Posts: 2,569
100 Answers 1000 Comments 500 Likes 250 Awesomes
✭✭✭✭✭✭
Interesting article posted on Ars Technica this morning.  https://arstechnica.com/information-technology/2020/06/upnp-flaw-exposes-millions-of-network-devices-to-attacks-over-the-internet/

There are a number of discussion in these threads on UPNP and yet another reason to disable it or to keep it disabled.

Millions of routers, printers, and other devices can be remotely commandeered by a new attack that exploits a security flaw in the Universal Plug and Play network protocol, a researcher said.
CallStranger, as the exploit has been named, is most useful for forcing large numbers of devices to participate in distributed denial of service—or DDoS—attacks that overwhelm third-party targets with junk traffic. CallStranger can also be used to exfiltrate data inside networks even when they’re protected by data loss prevention tools that are designed to prevent such attacks. The exploit also allows attackers to scan internal ports that would otherwise be invisible because they’re not exposed to the Internet.
Billions of routers and other so-called Internet-of-things devices are susceptible to CallStranger, Yunus Çadırcı, a Turkish researcher who discovered the vulnerability and wrote the proof-of-concept attack code that exploits it, wrote over the weekend. For the exploit to actually work, however, a vulnerable device must have UPnP, as the protocol is known, exposed on the Internet. That constraint means only a fraction of vulnerable devices are actually exploitable.
Thats Daphnee, she's a good dog...
RobinPatrickfixeditRessegger

Comments

  • [Deleted User]
    [Deleted User] Posts: 0
    100 Comments 25 Likes First Anniversary Member of the Month
    ✭✭✭
    UPNP FLAW, I’m not really sure how new this flaw is? Steve Gibson (GRC Research) highlighted major security issues with upnp around 10 years ago and still has plenty of information on how to secure your network, including disabling upnp & netbios wherever possible.
  • Marc
    Marc Moderator, Beta Tester Posts: 2,569
    100 Answers 1000 Comments 500 Likes 250 Awesomes
    ✭✭✭✭✭✭
    There are many UPNP flaws to which this one was relatively new.  But as you say, its been an issue for some time.
    Thats Daphnee, she's a good dog...
  • toliman
    toliman Member Posts: 1
    First Comment

    a vulnerable device must have UPnP exposed on the Internet.

    So, not a significant problem. Most 3rd Party routers wont even let you enable UPnP on the WAN or ISP side, or give you the option.

    except... for the humbling reality of Tens of Millions of routers that have basic UPnP enabled on hard-to-patch ARM chipsets that don’t have any configuration options... that allow UPnP on their WAN/ISP ports, and don’t have firewalls, just PNAT or basic NAT.

    And because it's such a large cohort, the risk management would be to replace millions of routers that work, for new models for millions of customers...

    Or have customers complain about being sued for being unwilling participants in a DDoS attack.

    This is very similar to the previous UPnP botnet vulnerability that used the released NSA toolkits.

    It's one of those "cup holder" CD-ROM problems that come up in tech, where the people who know better, are vulnerable to those who don't know... or you have to fight against inertia.

    Marc
  • DaveMacMedix
    DaveMacMedix Member Posts: 6
    Photogenic First Comment
    You can test your router for UPnP being open at Shields Up! https://www.grc.com/x/ne.dll?bh0bkyd2
    You'll need to click the "Proceed" button to get going.
    Terri
  • ssj152AL
    ssj152AL Member, Beta Tester Posts: 3
    First Anniversary Photogenic First Comment
    So, how do I find out if my router has this flaw - without revealing that fact to the entire net or even just our group?
  • [Deleted User]
    [Deleted User] Posts: 0
    100 Comments 25 Likes First Anniversary Member of the Month
    ✭✭✭
    edited July 2020
    @ssj152AL the link quoted earlier is the place to start reading, FYI it’s https://callstranger.com/
    However, it’s not just routers that are affected.
    Marc
  • SpicyBoy
    SpicyBoy Member Posts: 2
    Photogenic First Comment
    edited July 2020

    if you really nervous what you can do in Ubuntu is bind the DLNA service to a specific network interface. you create a WiFi hotspot on the PC hosting the content and bind the service to that hotspot interface that Ubuntu creates. you will have to change the various devices over to the hotspot WiFi network but at least it means the router isn't involved in the chain. and therefore technically shielding you from the wan.. or am I missing something.

    Marc
Sign In or Register to comment.