If You Care About Security On Your Home Network, Turn Off UPnP

UPnP stands for Universal Plug And Play. The idea behind this technology is that networked devices such as personal computers, printers, Internet gateways, Wi-Fi access points and mobile devices to seamlessly discover each other’s presence on the network and establish functional network services for data sharing. It sounds great because it takes some of the complexity setting up devices on your home network.

It’s also a great vehicle for hackers to enlist your devices to pwn others. And has been for years. And when I say years, I mean that security issues have been found in UPnP going back into the previous decade.

Researchers at cyber security firm Imperva have posted a paper that describes how UPnP can be used to enlist UPnP enabled routers that may be badly secured to execute a pretty crafty distributed denial of service attack. I say crafty because the attack that the researchers describe can evade some defense mechanisms to mitigate at distributed denial of service attack. What’s concerning about this is that the researchers found 1.3 million devices that on the surface could be exploited for such an attack. That’s kind of scary.

My advice? If you have a router which supports UPnP, disable the protocol immediately. I haven’t yet stumbled upon a router which does not permit disabling UPnP, so as far as I am concerned, that should be a no brainer to help you to avoid having your router enlisted for mass pwnage.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s

%d bloggers like this: