Security News
Taiwanese hardware vendor QNAP urged customers on Monday to disable Universal Plug and Play port forwarding on their routers to prevent exposing their network-attached storage devices to attacks from the Internet. UPnP Port Forwarding allows network devices to communicate seamlessly and create groups for easier data sharing.
UPnP is a connectivity protocol optionally available in most modern routers that allows other devices on a network to create port forwarding rules on a router automatically. It is yet another technology that trades convenience for security, especially when the UPnP implementation is potentially vulnerable to attacks allowing remote actors to add UPnP port-forwarding entries via a device's exposed WAN connection.
Stop us if you've heard this before, but a researcher has uncovered a new security vulnerability affecting many devices running the Universal Plug and Play protocol. An attacker able to exploit this flaw could use it to co-opt vulnerable devices for DDoS attacks, bypass data loss prevention security to sneak data out of networks, and possibly carry out port scanning to probe for exposed UPnP devices.
A vulnerability in Universal Plug and Play, which is implemented in billions of networked and IoT devices - personal computers, printers, mobile devices, routers, gaming consoles, Wi-Fi access points, and so on - may allow unauthenticated, remote attackers to exfiltrate data, scan internal networks or make the devices participate in DDoS attacks. UPnP is a set of networking protocols that allows networked devices to automatically discover and interact with each other when on the same network.
A newly disclosed UPnP vulnerability that affects billions of devices can be exploited for various types of malicious activities, including distributed denial-of-service attacks and data exfiltration. Designed to facilitate the automatic discovery and interaction with devices on a network, the UPnP protocol is meant for use within trusted local area networks, as it lacks any form of authentication or verification.
Cisco Talos security researchers were able to leverage properties of the Universal Plug and Play (UPnP) protocol to unmask the IPv6 address of specific IPv4 hosts.
Last May, security firm Imperva wrote a blog post discussing a new proof of concept for bypassing DDoS mitigation after discovering reflected network protocols appearing on non-standard network...
Look out for traffic to and from these IP addresses and ports. Once again, a hundred thousand or more home routers have been press-ganged into a spam-spewing botnet, this time via Universal Plug...
Before it amplifies DDoS attacks. Universal Plug 'n' Play, that eternal feast of the black-hat, has been identified as helping to amplify denial-of-service attacks.…