UPnP has been a security risk for years, but now it’s WORSE! — Psinergy LLC
X
Menu

UPnP has been a security risk for years, but now it’s WORSE!

UPnP (Universal Plug and Play) is intended to allow devices inside your local network to open needed ports in your modem/router. This was already an issue as viruses/malware could make a request to have the ports opened and allow malicious communication to go through unfettered. It isn’t supposed to accept instructions from outside the network (the WAN side), but a vulnerability that has been known since at least 2013 has been used to expand the exploit.

A new attack has emerged that is specifically designed to open your network to attack and to get into connected devices. EternalSilence, as it has been dubbed, not only compromises your router, but also opens ports on your device (computer, cell phones, smart devices, etc), and this attack appears to be related to the leaked NSA exploits EternalBlue and EternalRed. This is a pretty nasty exploit, to be honest.

 

How to tell if you’ve been compromised

It can be difficult to tell if you have been compromised by this specific exploit. One way that may indicate that you’ve been compromised is if you go into your router and you notice some “odd” ports that are open in UPnP, though even if you are compromised, this isn’t a true fire way of telling (because the ports are often released quickly after they are no longer used). The best thing to do for this is to honestly just do the fix below, whether you have been compromised or not.

 

How to Fix

  1. If you’ve been compromised, you need to do a factory reset of your router and disable UPnP completely.
    • You also need to scan all of your devices to make sure they haven’t been infected through this vulnerability.
  2. To help make sure you aren’t vulnerable for this exploit, make sure your router firmware is up-to-date, or purchase new up-to-date hardware.
    • and Make sure to turn OFF UPnP!
  3. If you’re not sure how to do this, we can help. Give us a call us at 612-234-7237. We will check the router to ensure UPnP is turned off (or turn it off if it’s not) remotely, in most cases, as a “Quick Fix“, or the “In-depth Remote Help” we will also apply needed router firmware updates (if none are needed, it would only be a Quick Fix). The scanning of your devices would not be part of the quick fix or the in-depth remote help service. In some cases, we may actually need you to bring in the device or schedule an onsite service, and we may recommend certain security appliances if that’s of a concern for your unique setup.

 


To read more in-depth about this attack, go to the Ars Technica article here.

 


 

The post UPnP has been a security risk for years, but now it’s WORSE! appeared first on Psinergy Tech.

You Might Also Liked

Firefox Vulnerability – known about for 17 years 1903 is here, what have we seen? VLC Media Player Security Flaw! Change your Facebook password now! Severe RCE Flaw Disclosed in Popular LibreOffice and OpenOffice Software — The Hacker News Caribou Coffee Stores Hacked for months… but what about your business? Microsoft Issues Emergency Patch for Windows 7 – 10, including Server OS Avast had a glitch! – “DNS server isn’t responding”