- This topic has 1 voice and 0 replies.
-
Posts
-
-
#News(Security) [ via IoTForIndiaGroup ]
Over the last decade, reports have increasingly detailed the flaws and vulnerabilities that can plague insecure implementations of a set of networking protocols called Universal Plug and Play. But where these possibilities were largely academic before, Akamai found evidence that attackers are actively exploiting these weaknesses not to attack the devices themselves, but as a jumping off point for all sorts of malicious behavior, which could include DDoS attacks, malware distribution, spamming/phishing/account takeovers, click fraud, and credit card theft.
To pull that off, hackers are using UPnP weaknesses in commercial routers and other devices to reroute their traffic over and over again until it’s nearly impossible to trace. This creates elaborate “proxy” chains that cover an attacker’s tracks, and create what Akamai calls “multi-purpose proxy botnets.”
“We started talking about how many of these vulnerable devices are out there and what can they be leveraged for, because most people seem to have forgotten about this vulnerability,” says Chad Seaman, a senior engineer on the security intelligence response team at Akamai. “As part of that we had to write some basic tools to find what was vulnerable. And some of these machines did have very abnormal [activity] on them. It was not something that we honestly expected to find and when we did it was kind of like ‘uh oh.’ So this theorized problem is actually being abused by somebody.”
Down With UPnP
UPnP helps devices on a network find and essentially introduce themselves to each other, so that a server, say, can discover and vet the printers on a network. You can find it both on internal, institutional networks and on the larger internet, handling things like IP address routing and data flow coordination.
-
- You must be logged in to reply to this topic.
