UPnP (Universal Plug and Play) is intended to allow devices inside your local network to open needed ports in your modem/router. This was already an issue as viruses/malware could make a request to have the ports opened and allow malicious communication to go through unfettered. It isn’t supposed to accept instructions from outside the network (the WAN side), but a vulnerability that has been known since at least 2013 has been used to expand the exploit.
A new attack has emerged that is specifically designed to open your network to attack and to get into connected devices. EternalSilence, as it has been dubbed, not only compromises your router, but also opens ports on your device (computer, cell phones, smart devices, etc), and this attack appears to be related to the leaked NSA exploits EternalBlue and EternalRed. This is a pretty nasty exploit, to be honest.
It can be difficult to tell if you have been compromised by this specific exploit. One way that may indicate that you’ve been compromised is if you go into your router and you notice some “odd” ports that are open in UPnP, though even if you are compromised, this isn’t a true fire way of telling (because the ports are often released quickly after they are no longer used). The best thing to do for this is to honestly just do the fix below, whether you have been compromised or not.
To read more in-depth about this attack, go to the Ars Technica article here.
The post UPnP has been a security risk for years, but now it’s WORSE! appeared first on Psinergy Tech.