Five million routers are affected by the so-called UPnProxy vulnerability, and 70,000 devices have already fallen victim to such an attack. More than 400 router models have the same problem, including ASUS, Belkin, D-Link, ZyXel, Netgear and ZTE devices that are popular in Hungary.
According to Bitport, the flaw exploited by cyber criminals is a problem for home and office routers. The vulnerability was found by the US technology company Akamai in the routers' so-called UPnP (i.e. Universal Plug and Play) function. It was originally a convenience feature for the user, but as it turned out, the convenience came at the expense of security: manufacturers did not build adequate protection into their routers against UPnP-based access from the Internet.
According to Akamai, nearly 5 million routers have the UPnProxy vulnerability, but at present fewer than 70,000 devices have been hit by an attack. However, the danger is enormous, as more than 400 router models share the same flaw. The list in Akamai's study also includes manufacturers that sell large numbers of routers in Hungary: ASUS, Belkin, D-Link, ZyXel, Netgear and ZTE.
If an attacker finds such a router, they can create NAT rules on it that suit their purposes, and so can even reach the management interface of the network devices. (NAT, i.e. Network Address Translation, allows the machines inside the network to communicate directly with the outside world, i.e. with machines outside the network.) The user of the attacked device does not need to be actively involved in this, and the attack is not even visible to them.
An update can help
Cyber criminals love routers, especially those whose management interface is accessible from the Internet. It is just the icing on the cake if the device can be accessed with the factory default password. Apart from replacing the device, the owners of the affected routers cannot do much. According to Bitport, updating the firmware may be a solution, if such an update is available.
The UPnProxy vulnerability, where external access is the decisive element, can be exploited in several ways. First, attackers can reach the internal network through certain ports. Another option is to modify the NAT rules so that the compromised router acts as a proxy and redirects traffic. This leads to the third option: the redirects help attackers hide their unwanted activities. The latter helps, for example, botnet operators or spammers, who can pass traffic through up to hundreds of routers, making it very difficult to uncover the spammer's identity.
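For owners who can export their router's UPnP port-mapping table, the NAT rule abuse described above can be checked for mechanically. The following audit is an added example, not code from Akamai or from this article; the table layout, field names, the 192.168.1.0/24 LAN with the router at 192.168.1.1, and the list of sensitive ports are all assumptions, and the sample entries are constructed.

```python
import ipaddress

# Constructed sample of a router's UPnP port-mapping table (not real data).
# Field names are this example's own; LAN range and router address are assumptions.
SAMPLE_MAPPINGS = [
    {"ext_port": 51413, "proto": "TCP", "int_client": "192.168.1.23", "int_port": 51413},
    {"ext_port": 8080, "proto": "TCP", "int_client": "192.168.1.1", "int_port": 80},
    {"ext_port": 2525, "proto": "TCP", "int_client": "203.0.113.25", "int_port": 25},
    {"ext_port": 4450, "proto": "TCP", "int_client": "192.168.1.40", "int_port": 445},
]

# Assumed list of admin and file-sharing ports that should not face the Internet.
SENSITIVE_PORTS = {22, 23, 80, 139, 443, 445, 3389, 8080}


def classify(entry, lan="192.168.1.0/24", router_ip="192.168.1.1"):
    """Return a finding string for one mapping, or None if it looks ordinary."""
    try:
        target = ipaddress.ip_address(entry["int_client"])
    except ValueError:
        return "malformed internal client address"
    if target not in ipaddress.ip_network(lan):
        # A forward whose destination is outside the LAN makes the router a proxy.
        return "proxy: forwards to a host outside the LAN"
    if target == ipaddress.ip_address(router_ip):
        return "exposes the router's own management interface"
    if entry["int_port"] in SENSITIVE_PORTS:
        return "exposes a sensitive internal service"
    return None


def audit(mappings, **kw):
    """Map external (port, protocol) to a finding for every suspicious entry."""
    findings = {}
    for e in mappings:
        verdict = classify(e, **kw)
        if verdict:
            findings[(e["ext_port"], e["proto"])] = verdict
    return findings


if __name__ == "__main__":
    for key, verdict in audit(SAMPLE_MAPPINGS).items():
        print(key, verdict)
```

Any finding for a mapping the owner did not create is a reason to disable UPnP on the WAN side and look for a firmware update.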