UPnP: Hackers are opening SMB ports on routers | ZDNet


Akamai says that over 45,000 routers have been compromised already.


Source: Hackers are opening SMB ports on routers so they can infect PCs with NSA malware | ZDNet

UPnP, or Universal Plug and Play, allows devices behind your home router to configure services on the router itself; in the Internet Gateway Device (IGD) profile that most consumer routers implement, this means adding port forwards through a SOAP control interface that requires no authentication at all.  Any "connected" device on your home network therefore has control over your perimeter.  What has been discovered over the last few years is that flaws in older UPnP implementations (which ship on a great many consumer-grade routers across the Internet) let the same control interface be reached from outside your network, so an attacker who is not on your LAN can force changes to your port forwarding.

This is not a new development.  What makes the ZDNet article worth sharing now is that attackers are actively using this method to reach systems behind home routers and install malware: the Akamai research it reports on found routers being made to forward SMB (TCP 139 and 445) to internal machines, which are then hit with the NSA-linked malware the article describes.  The underlying technique, abusing UPnP to change the security posture of consumer devices, has been going on for years.  Some newer consumer-grade routers offer UPnP extensions that require user authentication before a mapping is accepted.  Even so, in my opinion the risks are too high to leave UPnP enabled.

My suggestion to our readers is to disable UPnP altogether on your home router.  Most home Internet users rely on their router to provide some basic firewall capability, but what they are really relying on is Network Address Translation, or NAT: the machines behind the router are hidden only because nothing on the Internet can reach them without an explicit port mapping.  If UPnP is enabled, hackers can turn your router into what I like to refer to as Swiss cheese by punching holes straight through it to your devices.  As this article shows, hackers then use those devices as proxies through which they route their own traffic, or as a landing ground for malware.
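The mechanism above is easy to see in practice: the router's IGD service answers unauthenticated SOAP requests, and the standard GetGenericPortMappingEntry action lets anyone who can reach the control URL read the entire forwarding table. The audit script below is an added example written for this post, not code from the ZDNet article, Akamai, or the original author. It walks that table and flags the two patterns described here: a mapping that forwards to SMB (TCP 139/445) on a LAN host, and a mapping whose "internal" client is not on the LAN at all, which is what turns the router into a proxy. The control URL (taken from the router's device description XML), the LAN prefix 192.168.1.0/24 and the sample responses are assumed or constructed for illustration.

```python
import ipaddress
import urllib.error
import urllib.request
import xml.etree.ElementTree as ET

WANIP_SERVICE = "urn:schemas-upnp-org:service:WANIPConnection:1"  # standard IGD service id
SMB_PORTS = {139, 445}                                              # SMB listens here
SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"


def build_soap(action, args):
    """SOAP body for a WANIPConnection action such as GetGenericPortMappingEntry."""
    body = "".join(f"<{k}>{v}</{k}>" for k, v in args.items())
    return (f'<?xml version="1.0"?><s:Envelope xmlns:s="{SOAP_NS}" '
            's:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body>'
            f'<u:{action} xmlns:u="{WANIP_SERVICE}">{body}</u:{action}></s:Body></s:Envelope>')


def parse_mapping(xml_text):
    """One GetGenericPortMappingEntry response -> dict, or None on a SOAP fault
    (error 713 SpecifiedArrayIndexInvalid is how the router says 'end of table')."""
    fields = {}
    for el in ET.fromstring(xml_text).iter():
        tag = el.tag.split("}")[-1]                  # drop namespace; routers differ here
        if tag.startswith("New"):
            fields[tag[3:]] = (el.text or "").strip()
    if "ExternalPort" not in fields:
        return None
    return {"external_port": int(fields["ExternalPort"]), "protocol": fields.get("Protocol", ""),
            "internal_port": int(fields.get("InternalPort", 0)),
            "internal_client": fields.get("InternalClient", "")}


def flag_mapping(m, lan_net):
    """Reasons a mapping matches the abuse described above (empty list = nothing obvious)."""
    reasons = []
    if m["internal_port"] in SMB_PORTS:
        reasons.append(f"{m['protocol']}/{m['external_port']} forwards to SMB port "
                       f"{m['internal_port']} on {m['internal_client']}")
    try:
        client = ipaddress.ip_address(m["internal_client"])
    except ValueError:
        return reasons + [f"internal client {m['internal_client']!r} is not an IP address"]
    if client not in lan_net:                        # points off-LAN: router used as a proxy
        reasons.append(f"internal client {client} is outside the LAN {lan_net}")
    return reasons


def audit(responses, lan_cidr="192.168.1.0/24"):
    """Walk successive GetGenericPortMappingEntry responses; return [(mapping, reasons)]."""
    lan, flagged = ipaddress.ip_network(lan_cidr), []
    for body in responses:
        m = parse_mapping(body)
        if m is None:                                # fault: end of the mapping table
            break
        if reasons := flag_mapping(m, lan):
            flagged.append((m, reasons))
    return flagged


def fetch_mappings(control_url, max_entries=1000):
    """Live variant: query the router by index until it faults. control_url is the
    WANIPConnection control URL from the router's device description XML (assumed known)."""
    bodies = []
    for index in range(max_entries):
        req = urllib.request.Request(
            control_url, data=build_soap("GetGenericPortMappingEntry", {"NewPortMappingIndex": index}).encode(),
            headers={"Content-Type": 'text/xml; charset="utf-8"',
                     "SOAPAction": f'"{WANIP_SERVICE}#GetGenericPortMappingEntry"'})
        try:
            with urllib.request.urlopen(req, timeout=5) as resp:
                bodies.append(resp.read().decode())
        except urllib.error.HTTPError as e:          # UPnP faults arrive as HTTP 500 + SOAP body
            bodies.append(e.read().decode())
        if parse_mapping(bodies[-1]) is None:
            break
    return bodies


def sample_response(ext, internal, client, proto="TCP"):
    """Constructed response (not captured from a real router) for offline demonstration."""
    return (f'<?xml version="1.0"?><s:Envelope xmlns:s="{SOAP_NS}"><s:Body>'
            f'<u:GetGenericPortMappingEntryResponse xmlns:u="{WANIP_SERVICE}">'
            f'<NewRemoteHost></NewRemoteHost><NewExternalPort>{ext}</NewExternalPort>'
            f'<NewProtocol>{proto}</NewProtocol><NewInternalPort>{internal}</NewInternalPort>'
            f'<NewInternalClient>{client}</NewInternalClient><NewEnabled>1</NewEnabled>'
            '<NewPortMappingDescription></NewPortMappingDescription><NewLeaseDuration>0</NewLeaseDuration>'
            '</u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>')


# Constructed error-713 fault (index past the end of the table), then a constructed three-entry table:
# a legitimate console mapping, an SMB exposure, and an off-LAN "internal" client used as a proxy.
SAMPLE_FAULT = (f'<?xml version="1.0"?><s:Envelope xmlns:s="{SOAP_NS}"><s:Body><s:Fault>'
                '<faultcode>s:Client</faultcode><faultstring>UPnPError</faultstring><detail>'
                '<UPnPError xmlns="urn:schemas-upnp-org:control-1-0"><errorCode>713</errorCode>'
                '<errorDescription>SpecifiedArrayIndexInvalid</errorDescription></UPnPError>'
                '</detail></s:Fault></s:Body></s:Envelope>')
SAMPLE_RESPONSES = [sample_response(3074, 3074, "192.168.1.20", proto="UDP"),
                    sample_response(47115, 445, "192.168.1.50"),
                    sample_response(8080, 3128, "203.0.113.9"),
                    SAMPLE_FAULT]
```

From a machine on the LAN, pass the router's control URL to `fetch_mappings` and hand the result to `audit`; passing `SAMPLE_RESPONSES` instead shows the two flagged entries without touching a network. Two cautions: the same requests should be tried against the router's WAN address from outside, because a router that answers there is exactly the exposure the article is about; and an attacker can delete their mapping after use, so an empty table is not proof that nothing happened. Either way the fix is the one this post recommends: turn UPnP off.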

Most of us prefer to use a computer that is not laden with "crapware" that slows it down.  Most people I know would also prefer not to have strangers snooping around a computer that holds their financial software, personal photos, and so on.  I don't know anyone who would be OK with learning that hackers had turned their machines into mining drones collecting cryptocurrency to fund future malicious activity.  After all, if anyone is going to mine on my machines, it is going to be me.

Please take time to ensure UPnP is disabled on your router.  If you have trouble with this process, then Google the model of your router along with the phrase "disable UPnP" to find directions for your specific device.  Expect some things that relied on UPnP, such as game consoles that open their own ports, to need a manual port forward afterwards; that is a small price, and a forward you created yourself is one you know about.  As always, drop me a comment and I would be glad to help you with this as well.

Author: Phil

Phil Williams is an engineer with around 20 years of information technology industry experience with past focus areas in security, performance, and compliance monitoring and reporting. Phil is a husband, father of 6 children, and an avid geek who loves building computers, gaming, and gadgets. He has an undergraduate degree in general IT sciences and has worked with the US Government as a contractor for over 20 years. He is now in a security solutions advisory role for a large vendor supporting commercial and enterprise customers.
