According to a security advisory recently issued by the CERT at the Software Engineering Institute at Carnegie Mellon University, security vulnerabilities in UPnP are exposing millions of home networking devices at risk for cyber attacks.
The problem resides in the UPnP that lacks sufficient authentication mechanisms.
“Home routers implementing the UPnP protocol do not sufficiently randomize UUIDs in UPnP control URLs, or implement other UPnP security measures.” states the advisory.
“Poor adoption of the security standard may broadly open up opportunities for an attacker with private network access to guess the UPnP Control URLs for many devices currently on the market. If the guess is correct, the attacker may utilize UPnP to make changes to the home router’s configuration such as opening ports and enabling services that allow an attacker further access to the network. A correct guess is likely, due to many manufacturers’ use of standardized UPnP Control URL names.”
Successful exploits of the Filet-o-Firewall allows attackers to open firewall ports and issue administrative commands on a home router.
As mitigation measure the CERT recommends to disable UPnP to randomizing UPnP UUID and URLs.
The advisory includes the list of affected devices, but Harrelson speculates that many other devices are affected by the Filet-O-Firewall vulnerability.
The security of the UPnP has been already questioned in the past by security experts, in October 2014 researchers at Akamai firm have issued a report on reflection and amplification DDoS attacks exploiting vulnerable UPnP devices worldwide. In 2013, HD Moore, CSO of the security firm Rapid7 published a study that showed that of 80 million devices responding to UPnP requests on the Internet, more than 50 million were vulnerable to cyber attacks.
(Security Affairs – Filet-O-Firewall, UPnP)