The Internet of Things and the arrival of the long-awaited disaster

Now that the Internet of Things has come to dominate the world around us, everyone needs to be prepared to protect their own security. It is widely understood that Internet of Things devices such as routers are always vulnerable to malicious attacks, yet investment in cybersecurity is still insufficient. Worse, the weaknesses that are discovered may remain unpatched for many years.


On Monday, Akamai published its findings on how attackers exploited a security vulnerability in devices such as routers and video game consoles, a vulnerability that has been known since 2006.

Over the past decade, flaws that could be misused have also been identified in implementations of a set of network protocols called UPnP.

What is new is Akamai's disclosure of evidence that these vulnerabilities are being actively exploited, not to attack the devices themselves but to use them as bases for malicious behavior, including DDoS attacks, spreading malware, phishing, piracy and account hijacking.

Attackers exploit vulnerabilities in the UPnP protocol on commercial routers and other devices to reroute traffic time after time, so that it is impossible to retrace their steps. The result is chains of proxies that cover the attacker's movements, which Akamai calls "multi-purpose botnet proxies."

Weak security in the Universal Plug and Play (UPnP) protocol

UPnP helps devices start working as soon as they are connected to the network, without further steps. The protocol helps connected devices on the network recognize each other and present themselves to other devices. For example, a server can recognize a printer once it is connected to the network. This protocol is used in various types of networks, within institutions and across the Internet. It handles some things automatically, such as IP address routing and data flow format. It also works in coordination with other network protocols for network communication, and it is used when applications want to send a large amount of data to each other so that the data can flow without restriction.

So what is the problem?
When Internet of Things devices expose these mechanisms to the open Internet without authentication or checks, or when the authentication data is easy to guess, hackers take the opportunity to find devices that use such protocols and misuse this series of mistakes by device manufacturers to conduct their attacks.

Akamai researchers said they found 4.8 million exposed devices that could be abused, including more than 700,000 with further vulnerabilities exposed to the network. The researchers found evidence that attackers had exploited more than 65,000 devices, using these vulnerabilities to send malicious commands to the router mechanism that controls traffic flow. These devices were grouped together in a variety of ways and pointed at more than 17,000 attacker IP addresses to relay traffic and cover the attackers' movements.
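
One way an administrator could check a router for the abuse described above, as an added example that is not part of the original article or of Akamai's report. It assumes the router's UPnP port-mapping table can be exported and that an entry forwarding to an address outside the local network is the sign of proxy use; the function names, the table layout and all sample addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample: port-mapping entries as an administrator might export
# them from a router: (protocol, external port, internal client, internal
# port, description). Addresses are private or documentation ranges only.
SAMPLE_MAPPINGS = [
    ("TCP", 51413, "192.168.1.23", 51413, "torrent client"),
    ("UDP", 3074, "192.168.1.40", 3074, "game console"),
    ("TCP", 40001, "203.0.113.77", 80, "sync"),
    ("TCP", 40002, "198.51.100.9", 443, "sync"),
    ("TCP", 40003, "203.0.113.77", 25, "sync"),
    ("TCP", 40004, "not-an-ip", 53, "sync"),
]

def audit_mappings(mappings, lan_cidr):
    """Return (entry, reason) for each mapping that does not point into the LAN.

    Assumption: a legitimate UPnP mapping forwards an external port to a host
    on the local network, so any other target deserves investigation.
    """
    lan = ipaddress.ip_network(lan_cidr)
    findings = []
    for entry in mappings:
        client = entry[2]
        try:
            addr = ipaddress.ip_address(client)
        except ValueError:
            findings.append((entry, "internal client is not a valid IP address"))
            continue
        if addr not in lan:
            findings.append((entry, "forwards traffic to a host outside the LAN"))
    return findings

def external_destinations(findings):
    """Distinct off-LAN addresses the router is relaying to, sorted for reporting."""
    dests = set()
    for entry, reason in findings:
        if reason.startswith("forwards"):
            dests.add(entry[2])
    return sorted(dests)

if __name__ == "__main__":
    results = audit_mappings(SAMPLE_MAPPINGS, "192.168.1.0/24")
    for entry, reason in results:
        print(entry, "->", reason)
    print("relay destinations:", external_destinations(results))
```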

Increased frequency of attacks

Symantec Corp. (Nasdaq: SYMC) announced last month that it is tracking the "Inception Framework" using the UPnP protocol to set up proxies on targeted routers and obscure its cloud communications. However, observers believe that such situations cannot become common because of the difficulty of preparing such schemes. It is difficult to attack hundreds of personal routers, and also difficult to test. Data leakage occurs mostly due to implementation errors, which make it easier for attackers to do their job.

Akamai's researchers also note that the proxying was not set up only for malicious purposes, but was also used to get around some countries' restrictions and network controls, such as in China, to obtain unrestricted Internet access. Even if a user is behind a firewall, he or she can use a proxy network built on vulnerable hardware to connect to web servers that would normally be blocked.

No trick for users; manufacturers must act

Users cannot tell whether their devices are being exploited for UPnP proxy attacks, and even if they knew, all they could do is buy new devices. The burden is now on manufacturers to improve their implementation of the UPnP protocol to avoid these loopholes. The Akamai report revealed that 400 Internet devices from 73 brands were exposed to the risk of exploitation.

If the overall purpose of setting up the proxies is to hide actions and prevent tracing, we must accept that there is still a lot we do not know about how the attackers set up the proxies using the UPnP protocol and why they did so.
