Over 4 million UPnP devices could be used to assist in distributed denial-of-service (DDoS) attacks, Akamai has warned.
UPnP protocols are found in millions of home and office devices, “including routers, media servers, web cams, smart TVs and printers”, Net Security reports.
The protocol that can be abused is the Simple Service Discovery Protocol (SSDP), which is used to allow networked devices to connect to each other. “Attackers have found that Simple Object Access Protocol (SOAP) – used to deliver control messages to UPnP devices and pass information – requests can be crafted to elicit a response that reflects and amplifies a packet, which can be redirected towards a target,” explains SC Magazine.
Akamai recommends that users block traffic on port 1900 that is headed for targeted devices. The company suggests that owners of vulnerable devices also take steps to prevent their use, including blocking internet requests to connected devices, turning off the protocol usage if not required and updating any device’s software to the latest version.
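One way to check flow logs for the exposure described above, as an added example that is not from the article or from Akamai: it flags LAN devices that receive or answer SSDP (UDP port 1900) traffic from outside the local network, while ignoring normal local multicast discovery. The flow-record format, the `LAN` range and the sample records are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

SSDP_PORT = 1900
LAN = ipaddress.ip_network("192.168.1.0/24")  # assumption: the local network range

# Constructed sample flows (byte counts are made up):
# src_ip,src_port,dst_ip,dst_port,proto,bytes
SAMPLE_FLOWS = """\
203.0.113.7,41000,192.168.1.20,1900,udp,120
192.168.1.20,1900,203.0.113.7,41000,udp,960
192.168.1.30,51000,239.255.255.250,1900,udp,130
192.168.1.40,1900,192.168.1.30,51000,udp,320
198.51.100.9,53000,192.168.1.50,1900,udp,118
192.168.1.10,44321,198.51.100.9,443,tcp,900
"""

def find_reflectors(flow_text, lan=LAN):
    """Return per-device SSDP exposure: bytes in from outside, bytes sent back out."""
    stats = defaultdict(lambda: {"req_bytes": 0, "resp_bytes": 0})
    for line in flow_text.strip().splitlines():
        src, sport, dst, dport, proto, size = line.split(",")
        if proto != "udp":
            continue
        src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        sport, dport, size = int(sport), int(dport), int(size)
        src_in, dst_in = src_ip in lan, dst_ip in lan
        if dport == SSDP_PORT and dst_in and not src_in:
            # An outside host reached a LAN device on 1900: the port is not blocked.
            stats[dst]["req_bytes"] += size
        elif sport == SSDP_PORT and src_in and not dst_in and not dst_ip.is_multicast:
            # A LAN device answered SSDP to an outside address: usable as a reflector.
            stats[src]["resp_bytes"] += size
    report = {}
    for device, s in sorted(stats.items()):
        ratio = round(s["resp_bytes"] / s["req_bytes"], 1) if s["req_bytes"] else None
        status = "reflecting" if s["resp_bytes"] else "probed"
        report[device] = {**s, "ratio": ratio, "status": status}
    return report

if __name__ == "__main__":
    for device, info in find_reflectors(SAMPLE_FLOWS).items():
        print(device, info)
```

A device reported as `reflecting` is answering internet-sourced requests and is a candidate for the blocking, disabling or updating steps above; `probed` means the request arrived but no reply left the network.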
Chad Seaman, a senior security response engineer for PLXsert at Akamai, told SC Magazine that although amplification through these devices is smaller, it can still be an effective attack and is becoming ‘increasingly popular’. “The most effective part of this tactic is the millions of possible reflectors that could be used to launch DDoS attacks. With these devices being so widely deployed [in] mostly consumer products, they’re likely to go unpatched and unmonitored.”
One such attack observed by Akamai included traffic peaking at 54.35 Gigabits per second, and 17.85 million packets per second.
Akamai’s research indicates that 38% of the 11 million UPnP devices worldwide are likely to be affected, the majority of which are in Korea, the United States, China, Argentina, Canada and Japan.
Author Alan Martin, ESET