Most modern routers enable UPnP – Universal Plug and Play – by default. This might be a good time to reconsider that.
Grant Harrelson has just revealed a complex vulnerability which could make UPnP an Achilles Heel in your network. It is now possible for an attacker to exploit a vulnerability in UPnP which could let them run loose on your network.
- You point your browser, which must be Google Chrome or Firefox (Safari, Opera, and others are not vulnerable), at the malicious web page.
- Your browser is then redirected to the attacker’s web server.
- That malicious code then take less than a minute to open up all the devices on your network.
- Once open, each device can be attacked one by one, until the router is restarted.
A detailed account of this is here.
- you are running Chrome or Firefox, and
- you might browse such a malicious site, and
- your router is vulnerable
be prepared for unwelcome visitors.
The solution follows:
- only visit trusted websites;
- don’t use Chrome or Firefox until they are fixed to prevent this;
- disable UPnP in your router, until its firmware is fixed to ensure that it is no longer vulnerable.
This vulnerability and exploit appears to be independent of the operating system which your computer is running. It is also worth noting that unless you are running a network intruder detection system (NIDS) or inspecting your router logs frequently, this attack could pass unnoticed for a long time.
Full details are here.