Drunkard's Walk Forums

Full Version: UPNP problems
Hey everyone, I'm not sure how many of you have heard about this from other sources, but I'm posting this in the hopes that it'll prevent a few problems for some of you.

Short Story: turn off UPNP, now. *seriously*

Long Story:
UPNP (aka universal plug and play) is a communication protocol designed to make it easier for all the devices on the local network (your xbox/ps3/computer/whatever) to negotiate with the router about what ports they need open so things just work (meaning you don't have to worry that your favorite FPS wants ports 27000 - 27015 open, and that minecraft wants 25565).

This is generally seen as an improvement by users, and a security nightmare by network administrators. But because this was only supposed to be functional from inside a private network (aka only devices located locally), no one raised that large of a fuss and life moved on.

But last week several security researchers found out some very worrying news. A significant percentage of routers were responding to UPNP requests from the public internet, meaning that malicious entities can just tell your router to let them in.
What is a significant percentage, you ask? Try 81 million (2.2% of the internet).

What is worse is that 20% (~16 million) of these can be exploited by one (1) udp packet.
Given the fact that there are 8 vulnerabilities discovered in how these routers deal with UPNP, I strongly believe that the percentage will only rise.

So what can you do?
Log into your router, and turn off UPNP.

If you want to make sure that UPNP is turned off Steve Gibson has added UPNP detection to his Shields Up tool (link).
Cisco has also released a document specifying what models of Cisco/Linksys routers are vulnerable (link).
If you want to read all the gritty details, they can be found here (pdf).
This was also covered on Security Now, if you want to listen to a 1.5 hour discussion about all of this (youtu.be/wEa43qM4JjQ, you can skip ahead to the 9:45 mark)

Edit: and now I can't figure out how to post just a link to youtube *grumble*
-Terry
-----
"so listen up boy, or pornography starring your mother will be the second worst thing to happen to you today"
TF2: Spy
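The exposure Terry describes is a router's UPnP service answering SSDP discovery requests that arrive from the Internet rather than the LAN. As an added example (not from the post, Rapid7, Cisco or any router vendor), here is a small detection check in the defender's direction: it parses SSDP M-SEARCH datagrams and flags any discovery request whose source is not an RFC 1918, link-local or loopback address. The sample datagrams and addresses are constructed; 203.0.113.77 is a documentation-range address standing in for an arbitrary Internet host.

```python
import ipaddress

# RFC 1918 ranges plus link-local and loopback: the only sources a home router
# should ever honour UPnP/SSDP discovery from.
LOCAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12",
              "192.168.0.0/16", "169.254.0.0/16", "127.0.0.0/8")]

# Constructed sample (source address, datagram) pairs as a router's UPnP service
# would see them. 203.0.113.77 (TEST-NET-3) stands in for an Internet host; the
# third datagram is plain HTTP, not SSDP, and must be ignored.
SAMPLE_DATAGRAMS = [
    ("192.168.1.23",
     b"M-SEARCH * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n"
     b"MAN: \"ssdp:discover\"\r\nMX: 2\r\nST: upnp:rootdevice\r\n\r\n"),
    ("203.0.113.77",
     b"M-SEARCH * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n"
     b"MAN: \"ssdp:discover\"\r\nMX: 1\r\n"
     b"ST: urn:schemas-upnp-org:device:InternetGatewayDevice:1\r\n\r\n"),
    ("10.0.0.5", b"GET / HTTP/1.1\r\nHost: example\r\n\r\n"),
]

def parse_ssdp(datagram):
    """Headers of an SSDP M-SEARCH as an upper-cased dict, or None if not one."""
    lines = datagram.decode("ascii", errors="replace").split("\r\n")
    if not lines[0].startswith("M-SEARCH "):
        return None
    headers = {}
    for line in lines[1:]:
        if not line:                      # blank line ends the header block
            break
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().upper()] = value.strip()
    return headers

def is_lan_source(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in LOCAL_NETS)

def flag_wan_ssdp(datagrams):
    """(source, ST) for every SSDP discovery that did not come from the LAN."""
    findings = []
    for src, payload in datagrams:
        headers = parse_ssdp(payload)
        if (headers and headers.get("MAN") == '"ssdp:discover"'
                and not is_lan_source(src)):
            findings.append((src, headers.get("ST", "")))
    return findings

for src, st in flag_wan_ssdp(SAMPLE_DATAGRAMS):
    print(f"SSDP discovery from non-LAN source {src} (ST={st})")
```

On a real router the arrival interface (WAN vs LAN) is the authoritative signal; source address is a proxy that works for a packet capture or log review.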
As a side note, it appears that you can embed the youtube links, but only with the WYSIWYG editor, and using the button it provides. (Got into a conversation on yuku's help forum on the topic.)
Youtube link.
-----
Stand between the Silver Crystal and the Golden Sea.
"Youngsters these days just have no appreciation for the magnificence of the legendary cucumber."  --Krityan Elder, Tales of Vesperia.
Went to take care of this and found that "straight from the box" a couple years ago had the whole magilla off as a default, so. Big Grin
''We don't just borrow words; on occasion, English has pursued other languages down alleyways to beat
them unconscious and rifle their pockets for new vocabulary.''

-- James Nicoll
Although it's come up recently this isn't really news -- I remember warnings and advice about this issue going up on the Net years ago. Steve Gibson even had a little utility which told you if you were at risk, IIRC.
-- Bob
---------
Then the horns kicked in...
...and my shoes began to squeak.
Yah, UPNP was an issue a few years ago too. I think that was due to some virus/malware writers using it to spread infections between machines. AKA, one machine in the network gets infected, and then tells the router to open the flood gates so that other machines can be infected as well.

But this is the first I had heard of it being breached from the outside >.
-Terry
-----
"so listen up boy, or pornography starring your mother will be the second worst thing to happen to you today"
TF2: Spy