
January 15th, 2008

Wi-Fi routers vulnerable to UPnP attack from hackers

Posted by Rik Fairlie @ 8:28 am

Categories: SOHO Networking


A couple of weeks ago we discovered that it’s possible for viruses to quickly spread among unsecured or WEP-encrypted Wi-Fi routers in densely populated urban areas. The solution seemed to be simple: Use WPA encryption and strong passwords. Now, based on an article at Gnucitizen, there’s another way for hackers to take down your router. In theory, at least.

The article describes a process that enables hackers to take control of routers by using UPnP. UPnP is a protocol that allows you to automatically perform administrative tasks, like obtaining network settings and opening ports for communication. I have it enabled on my router because, somewhere along the line, I was testing a wireless product and the tech-support rep advised that I enable UPnP to ensure the product worked seamlessly. It’s a matter of convenience for me (I like it when things work out of the box).

Gnucitizen describes a way that hackers can attack a UPnP-enabled device, like my Linksys router, across the Web. The process involves exploiting a mechanism that uses an XSS (cross-site scripting) vulnerability to add a port-forwarding rule within the targeted device's firewall. According to the article:

Once the XSSed SOAP request is actualized, the attacker will be able to get access to an internal service over the portforward. Given the fact that the attacker can change the primary DNS server of the target router, as well, the problem seems to be more than scary and very, very concerning.

The worst that could happen: A hacker could change your primary DNS server and turn the router into a zombie. The article states that 99 percent of home routers could fall victim to such attacks because they support UPnP. Of course, UPnP would have to be enabled for this to be true. And I believe most routers ship with UPnP disabled.

Should you turn off UPnP to protect your network? At this point, the danger seems more theoretical than real. But I browsed several message boards and found that many people advised that you disable UPnP. I’m going to disable it on my router and see how it affects the other devices on my network. I’ll let you know what happens.

For the past 15 years, Rik Fairlie has covered technology and the business of technology for numerous publications and Web sites. See his full profile and disclosure of his industry affiliations.

Talkback

RE: Wi-Fi routers vulnerable to UPnP attack from hackers
Thanks for the article. I think we should be very worried about the SOHO router problems. We have FIOS TV, telephone and Internet. I discovered the ActionTec router Verizon gave us had been hacked ...
Posted by: WryWebber Posted on: 03/24/09