The Filet-O-Firewall security vulnerability in UPnP puts millions of home networking devices at risk of cyber attacks.
According to a security advisory recently issued by the CERT at the Software Engineering Institute at Carnegie Mellon University, security vulnerabilities in UPnP are putting millions of home networking devices at risk of cyber attacks.
The problem lies in UPnP, which lacks sufficient authentication mechanisms.
“Home routers implementing the UPnP protocol do not sufficiently randomize UUIDs in UPnP control URLs, or implement other UPnP security measures,” states the advisory.
“Poor adoption of the security standard may broadly open up opportunities for an attacker with private network access to guess the UPnP Control URLs for many devices currently on the market. If the guess is correct, the attacker may utilize UPnP to make changes to the home router’s configuration such as opening ports and enabling services that allow an attacker further access to the network. A correct guess is likely, due to many manufacturers’ use of standardized UPnP Control URL names.”
Successful exploitation of Filet-O-Firewall allows attackers to open firewall ports and issue administrative commands on a home router.
As a mitigation measure, the CERT recommends disabling UPnP or randomizing the UPnP UUIDs and URLs.
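The randomization the CERT asks for can be checked from a router's UPnP device description. This added example (not from the advisory or the original article) flags control URLs that use a standardized name or a UUID that does not change between units; the sample descriptions, URL paths and function names are constructed for illustration, and comparing two units of one model is an assumed test setup.

```python
import re
import xml.etree.ElementTree as ET

NS = {"u": "urn:schemas-upnp-org:device-1-0"}  # UPnP device description namespace
UUID_RE = re.compile(r"[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}", re.I)

def control_urls(description_xml):
    """Map serviceType -> controlURL for all services, embedded devices included."""
    root = ET.fromstring(description_xml)
    return {svc.findtext("u:serviceType", "", NS).strip():
            svc.findtext("u:controlURL", "", NS).strip()
            for svc in root.iterfind(".//u:service", NS)}

def audit(desc_a, desc_b):
    """Compare descriptions from two units of one model (assumed test setup).
    Predictable = no UUID in the URL, or the same URL on both units."""
    a, b = control_urls(desc_a), control_urls(desc_b)
    findings = {}
    for stype, url in a.items():
        if not UUID_RE.search(url):
            findings[stype] = "predictable: standardized name, no UUID"
        elif b.get(stype) == url:
            findings[stype] = "predictable: same URL on both units"
        else:
            findings[stype] = "ok: per-device UUID"
    return findings

def sample(urls):
    """Build a constructed device description; not captured from a real router."""
    services = "".join(
        f"<service><serviceType>urn:schemas-upnp-org:service:{name}:1</serviceType>"
        f"<controlURL>{url}</controlURL></service>" for name, url in urls.items())
    return (f'<root xmlns="urn:schemas-upnp-org:device-1-0"><device>'
            f"<deviceList><device><serviceList>{services}</serviceList>"
            f"</device></deviceList></device></root>")

# Constructed control URLs for two hypothetical units of the same model.
UNIT_A = sample({
    "WANIPConnection": "/upnp/control/WANIPConn1",
    "Layer3Forwarding": "/upnp/1b4e28ba-2fa1-11d2-883f-0016d3cca427/L3F",
    "WANCommonInterfaceConfig": "/upnp/3f2c9a6e-8d41-4b7a-9c55-0e1d2a7b6f10/WANCfg"})
UNIT_B = sample({
    "WANIPConnection": "/upnp/control/WANIPConn1",
    "Layer3Forwarding": "/upnp/1b4e28ba-2fa1-11d2-883f-0016d3cca427/L3F",
    "WANCommonInterfaceConfig": "/upnp/c7a0e5d2-66b3-4f0e-a1d9-5b8e4c3f9a72/WANCfg"})

if __name__ == "__main__":
    print(audit(UNIT_A, UNIT_B))
```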
The researcher Grant Harrelson explained that the attacks can be carried out in fewer than 20 seconds and that any home router running a UPnP service is at risk.
Exploiting the Filet-O-Firewall vulnerability gives attackers access to the target network; once inside, they could find flaws in other devices on the same network and compromise them.
The advisory includes the list of affected devices, but Harrelson speculates that many other devices are affected by the Filet-O-Firewall vulnerability.
Security experts have questioned the security of UPnP before. In October 2014, researchers at Akamai issued a report on reflection and amplification DDoS attacks exploiting vulnerable UPnP devices worldwide. In 2013, HD Moore, CSO of the security firm Rapid7, published a study showing that of 80 million devices responding to UPnP requests on the Internet, more than 50 million were vulnerable to cyber attacks.
Pierluigi Paganini is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group; he is also a Security Evangelist, Security Analyst and Freelance Writer.