Most UPnP-enabled routers are vulnerable to attack and can be pulled into a botnet to hide malicious traffic. This is the conclusion of Trend Micro security specialists, who studied devices reachable online using Shodan. Besides routers, smart TVs, game consoles and other Internet-connected devices are also at risk, although the percentage of them with open ports is lower.
The analysts found that 76% of routers, 27% of media devices and 19% of game consoles expose a UPnP port online. This makes it possible to attack the equipment through unpatched vulnerabilities or misconfigured Internet access. According to the Shodan search results, almost 1.7 million such devices were found worldwide, more than 200 thousand of them in Russia.
The problem is aggravated by the use of outdated UPnP libraries, many of which contain serious flaws that attackers have already adopted. According to the information security specialists, the firmware of 16% of vulnerable devices runs the MiniUPnPd daemon, in a version in which buffer overflow bugs and other problems have been found. The current version of the library is present in the system software of only 5% of the available IoT equipment.
Another 18% of devices use a Windows UPnP server, which may contain the CVE-2007-1204 vulnerability allowing remote code execution, and one in 20 devices uses the Libupnp library, known for the seven-year-old bug CVE-2012-5958. The bug is present in all versions of the library prior to release 1.6.18 and allows attackers to execute code by sending a malicious UDP packet to the system.
Last year, a giant botnet made up of routers with an open UPnP interface came to light. The malicious network detected by information security specialists numbered 65 thousand routers and was used to hide criminal activity. The analysts found that the cybercriminals changed the network address translation (NAT) table so that requests were redirected to a specified IP address.
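The NAT-table tampering described above can be spotted by auditing a router's UPnP port mappings for entries whose internal client is not a LAN host. The following is an added example, not code from the article or from Trend Micro. It assumes the standard UPnP IGD port-mapping field names, a LAN prefix of 192.168.1.0/24, hypothetical function names, and a constructed sample table.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Field names of a UPnP IGD GetGenericPortMappingEntry response.
FIELDS = ("NewExternalPort", "NewProtocol", "NewInternalClient",
          "NewInternalPort", "NewPortMappingDescription")

def _entry(ext, proto, client, port, desc):
    """Build a constructed, simplified port-mapping response body."""
    vals = dict(zip(FIELDS, (ext, proto, client, port, desc)))
    return "<resp>" + "".join(f"<{k}>{v}</{k}>" for k, v in vals.items()) + "</resp>"

# Constructed sample table (documentation address ranges, not real data).
SAMPLE_TABLE = [
    _entry(51413, "TCP", "192.168.1.23", 51413, "torrent client"),
    _entry(20000, "TCP", "203.0.113.10", 25, "sync"),
    _entry(20001, "TCP", "198.51.100.7", 443, "sync"),
    _entry(3074, "UDP", "192.168.1.40", 3074, "game console"),
]

def parse_entry(xml_text):
    """Extract the mapping fields from one response body (any nesting depth)."""
    root = ET.fromstring(xml_text)
    return {f: root.findtext(f".//{f}", default="").strip() for f in FIELDS}

def audit_mappings(entries, lan_cidr):
    """Return (entry, reason) pairs for mappings that do not point into the LAN."""
    lan = ipaddress.ip_network(lan_cidr)
    findings = []
    for entry in map(parse_entry, entries):
        try:
            addr = ipaddress.ip_address(entry["NewInternalClient"])
        except ValueError:
            findings.append((entry, "internal client is not an IP address"))
            continue
        # A legitimate mapping forwards inbound traffic to a LAN host; a
        # non-LAN target means the router is relaying traffic for someone else.
        if addr not in lan:
            findings.append((entry, "forwards to a host outside the LAN"))
    return findings

if __name__ == "__main__":
    for entry, reason in audit_mappings(SAMPLE_TABLE, "192.168.1.0/24"):
        print(f'{entry["NewProtocol"]} {entry["NewExternalPort"]} -> '
              f'{entry["NewInternalClient"]}:{entry["NewInternalPort"]}  [{reason}]')
```
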