Unpatched UPnP-enabled devices allow attackers to take over cameras, printers and routers

• The attackers can leverage these vulnerable UPnP-enabled devices to exploit a wide range of vulnerabilities in UPnP libraries.
• 24% and 30% of the total IoT devices used MiniUPnPd 1.0 and MiniUPnPd 1.6 - older versions - respectively.

Outdated software on UPnP-enabled devices has opened doors for attackers to conduct a variety of attacks. The attackers can leverage these vulnerable UPnP-enabled devices to exploit a wide range of vulnerabilities in UPnP libraries.

An example - Earlier this year, the users of Chromecast streaming dongles, Google Home devices and smart TVs were flooded with a message promoting YouTuber PewDiePie’s channel. This was possible as the hackers took advantage of poorly configured routers that had the Universal Plug and Play (UPnP) service enabled. This caused the vulnerable routers to forward public ports to private devices and be open to the public internet.

Why old firmware leads to security flaws - According to Trend Micro, many devices such as cameras, printers, NAS devices, Smart TVs and routers that use UPnP for streaming, sharing and service discovery, also come with wide number vulnerabilities. These vulnerabilities can be abused by attackers to bypass firewalls and reach the victims’ local network.

Many of these devices were found still using the old versions of UPnP libraries. This leaves connected devices insecure against attacks.

Why it matters - Citing the impact of vulnerable UPnP implementations, Trend Micro said, “Vulnerable UPnP implementations, when exploited, can turn routers and other devices into proxies to obfuscate the origins of botnets, distributed denial-of-service (DDoS) attacks, or spam, and render nearly impossible to trace what malicious activities are done.”

Old versions of MiniUPnPd still in use - Out of the 1,648,769 Internet-connected devices found using the Shodan search engine, 24% and 30% used MiniUPnPd 1.0 and MiniUPnPd 1.6 - older versions - respectively. Only 5% of the total IoT devices were found using the latest MiniUPnPd 2.x version.

This means that a vast majority of IoT devices are vulnerable to different security issues which includes:

• CVE-2013-0230 - A stack-based buffer overflow in MiniUPnPd 1.0. It can allow attackers to execute arbitrary code.
• CVE-2013-0229 - A vulnerability in MiniUPnPd before version 1.4. It can allow attackers to cause a denial of service (DoS).
• CVE-2017-1000494 - An uninitialized stack variable flaw in MiniUPnPd before version 2.0. It can also allow attackers to perform DoS.

How to stay safe - In order to stay safe from such attacks, users should disable the UPnP feature whenever the device is not in use. Users should also keep their device’s firmware up-to-date. In case a device is suspected to be infected, reboot it and reset to the original factory settings.