Home routers are affected by major UPnProxy security issues

By: Costea Lestoc

According to Akamai’s latest report, bad actors are abusing more than 65,000 routers to create proxy networks for secret or even illegal activities. Akamai is an American content delivery network and cloud service provider. The Universal Plug and Play (UPnP) protocol is being abused by botnet operators and cyber-espionage groups. UPnP ships with all modern routers, and the bad actors’ goal is to proxy bad traffic and hide their real location.

UPnP is targeted these days

UPnP is an essential feature because it makes it easier to interconnect local devices over Wi-Fi and to forward ports and services to the web, and that is what attackers abuse. The protocol is vital for modern routers, but its insecurity was proven more than ten years ago. Attackers have been abusing it ever since, and now it looks like there’s a brand new way in which they are doing this. Bad actors have discovered that particular routers expose the protocol’s services that are meant only for inter-device discovery.

The flaw’s codename is UPnProxy

Attackers have been abusing these routers to inject malicious entries into their Network Address Translation (NAT) tables. The flaw allows attackers to use routers with misconfigured UPnP services as proxy servers for their own secret and illegal operations. The weakness is significant because cybercriminals can also log in to routers that expose their backend on the web.

Hackers can exploit it to bypass firewalls and access IP addresses to bounce traffic to other IP addresses. This can be used to mask the real locations of phishing pages, spam campaigns, advertising click fraud and more similar “goodies.”



Akamai’s findings and solutions

The number of vulnerable routers that Akamai detected is around 4.8 million, and experts have discovered active NAT injections on more than 65,000 devices. Akamai also created a list of 400 router models made by 73 vendors that are currently vulnerable. Users are advised to replace their routers with models that don’t have the vulnerability. Akamai also released a Bash script that has the ability to identify vulnerable routers.
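What an active NAT injection looks like in a router’s port-mapping table, shown as an added example (this is not Akamai’s script and not code from the report). It assumes the mappings have already been read from the router as UPnP IGD `GetGenericPortMappingEntry` responses; the sample responses, addresses and LAN range are constructed.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample data: port-mapping entries in the shape of UPnP IGD
# GetGenericPortMappingEntry responses (addresses are documentation/private ranges).
TEMPLATE = (
    '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>'
    '<u:GetGenericPortMappingEntryResponse'
    ' xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">'
    '<NewExternalPort>{ext}</NewExternalPort><NewProtocol>TCP</NewProtocol>'
    '<NewInternalPort>{port}</NewInternalPort>'
    '<NewInternalClient>{client}</NewInternalClient>'
    '<NewPortMappingDescription>{desc}</NewPortMappingDescription>'
    '</u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>'
)
SAMPLES = [TEMPLATE.format(ext=e, port=p, client=c, desc=d) for e, p, c, d in [
    (51413, 51413, "192.168.1.23", "torrent client"),  # ordinary LAN forward
    (20001, 443, "203.0.113.50", "sync"),              # points off the LAN
    (20002, 80, "example.invalid", "sync"),            # not an IP at all
]]

def parse_mapping(soap_xml):
    """Return the New* fields of one port-mapping response as a dict."""
    fields = {}
    for elem in ET.fromstring(soap_xml).iter():
        tag = elem.tag.rsplit("}", 1)[-1]  # drop any XML namespace prefix
        if tag.startswith("New"):
            fields[tag] = (elem.text or "").strip()
    return fields

def audit_mappings(responses, lan_cidr):
    """Return (external_port, internal_client, reason) for suspicious mappings."""
    lan = ipaddress.ip_network(lan_cidr)
    findings = []
    for soap_xml in responses:
        m = parse_mapping(soap_xml)
        client = m.get("NewInternalClient", "")
        try:
            suspicious = ipaddress.ip_address(client) not in lan
            reason = "internal client is outside the LAN"
        except ValueError:
            suspicious, reason = True, "internal client is not an IP address"
        if suspicious:
            findings.append((m.get("NewExternalPort"), client, reason))
    return findings

if __name__ == "__main__":
    for finding in audit_mappings(SAMPLES, "192.168.1.0/24"):
        print(finding)
```

A legitimate UPnP forward points at a device on the local network, so any entry whose internal client lies outside the LAN range is worth investigating and removing.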
