
Daily Crunch: Vulnerable component in IoT devices poses ‘supply chain risk,’ Microsoft says

by Sonal Shukla

Microsoft has discovered a vulnerability in the Universal Plug and Play (UPnP) component that is used by some IoT devices. According to Microsoft, this vulnerability could allow an attacker to carry out arbitrary remote code execution on an IoT device, as well as perform a man-in-the-middle attack to control the device.

Industry experts have been warning for years about the growing risk of insecure, connected devices known as the Internet of Things (IoT). Today’s disclosure from Microsoft highlights how this risk can affect supply chains and extend beyond consumers’ homes, where people have become accustomed to updating their gadgets themselves in order to stay secure.

“The UPnP protocol is used in a wide range of IoT devices and Microsoft’s recent findings highlight the fact that the current implementation of this protocol is vulnerable to remote exploitation,” says Jérôme Segura, lead malware intelligence analyst at Malwarebytes. “This attack vector gives an attacker control over a device that can be leveraged from a large number of angles. For example, it can be used to run code on the device or to carry out man-in-the-middle (MiTM) attacks. This vulnerability will not only increase the security risk for IoT devices but also for every network that these vulnerable devices connect to. Although the exploit is not easy to carry out, the long-term implications of a successful campaign are particularly worrisome.”

Malwarebytes already has protections in place to prevent known attacks leveraging this vulnerability through its Cloud Threat Protection service.

“This is another great example of what can happen if IoT/connected devices are not secured properly,” says Owen Dirks, senior security research engineer at Rapid7. “Windows-based IoT device manufacturers should be reviewing their products to ensure they have updated the UPnP libraries embedded on their products, and that they are using secure communication channels (e.g., TLS over WPA2) with embedded device control services such as the HTTP API and other APIs.”

In their announcement, Microsoft offered several preventative measures to address this issue. First, they recommend that security teams pay particular attention to any UPnP-related ports on their firewalls during scans for open ports. Second, they suggest that network administrators look for any UPnP requests on their network traffic. Finally, they advise that users and businesses disable UPnP on any device that is not being used for a specific purpose.
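The second of these measures, looking for UPnP requests in network traffic, can be sketched as follows. This is an added example, not code from Microsoft or from this article: it assumes UDP datagrams have already been extracted from a capture as (source IP, source port, destination port, payload) tuples, the function names and the list of internal ranges are hypothetical, and the sample datagrams are constructed.

```python
import ipaddress

SSDP_PORT = 1900  # UDP port used by SSDP, the discovery part of UPnP
INTERNAL = [ipaddress.ip_network(n) for n in  # IPv4 ranges treated as local (assumption)
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16")]

def parse_ssdp(payload):
    """Return (kind, headers) for an SSDP datagram, or None if it is not one."""
    try:
        lines = payload.decode("ascii").split("\r\n")
    except UnicodeDecodeError:
        return None
    first = lines[0].split(" ")
    if first[0] in ("M-SEARCH", "NOTIFY") and first[-1] == "HTTP/1.1":
        kind = first[0]
    elif lines[0].startswith("HTTP/1.1 200"):
        kind = "RESPONSE"
    else:
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().upper()] = value.strip()
    return kind, headers

def review(packets):
    """Return (inventory, alerts) for (src_ip, src_port, dst_port, payload) tuples."""
    inventory, alerts = {}, []
    for src, sport, dport, payload in packets:
        if SSDP_PORT not in (sport, dport):
            continue
        parsed = parse_ssdp(payload)
        if parsed is None:
            continue
        kind, headers = parsed
        if not any(ipaddress.ip_address(src) in net for net in INTERNAL):
            alerts.append((src, kind))  # UPnP discovery should stay on the local segment
        if kind != "M-SEARCH":  # NOTIFY and responses come from devices offering UPnP
            inventory[src] = (headers.get("SERVER", "?"), headers.get("LOCATION", "?"))
    return inventory, alerts

# Constructed sample datagrams (not taken from a real capture).
SAMPLE = [
    ("192.168.1.20", 50000, 1900, b'M-SEARCH * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\nMAN: "ssdp:discover"\r\nMX: 2\r\nST: ssdp:all\r\n\r\n'),
    ("192.168.1.50", 1900, 50000, b"HTTP/1.1 200 OK\r\nSERVER: ExampleOS/1.0 UPnP/1.1 ExampleCam/2.3\r\nLOCATION: http://192.168.1.50:49152/desc.xml\r\nST: upnp:rootdevice\r\n\r\n"),
    ("203.0.113.7", 41000, 1900, b'M-SEARCH * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\nMAN: "ssdp:discover"\r\nMX: 1\r\nST: upnp:rootdevice\r\n\r\n'),
    ("192.168.1.20", 53000, 53, b"\x12\x34not ssdp"),
]
```

The inventory lists hosts that answer or announce over UPnP, which is the set to check against the third measure (disabling UPnP where it serves no purpose); the alerts list discovery traffic whose source lies outside the internal ranges.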

“Microsoft’s report shows the power of open source to make the Internet safer,” says Chris Sistrunk, senior security consultant at NTT Security.
