THE NSA’S FINE track record of making the world a safer place looks set to continue, as its leaked EternalBlue hacking tools have resulted in over 45,000 routers being compromised. Who knew that insecurity also came under the National Security Agency’s remit?
The figure comes from content delivery network Akamai which wrote in a blog post that tens of thousands of routers have been compromised via a vulnerability in the implementation of Universal Plug and Play (UPnP) – the protocol that lets devices recognise each other across local networks without needing to waste time on things like reading the manual.
From 3.5 million devices examined, Akamai says that around eight per cent carry a vulnerable version of UPnP. The attack exposes ports 139 and 445, opening up nearly two million computers, phones, smart speakers, robot vacuum cleaners, tablets, and other devices connected to said routers.
“Victims of this attack will be at the mercy of the attackers, because they’ll have machines existing on the internet that were previously segmented, and they’ll have no idea this is happening,” Akamai writes. “Moreover, machines within the network that had a low priority when it came to patches will become easy pickings.”
What happens to devices that are infected, then? That’s where Akamai’s insights end, unfortunately, and we’re left to speculation – but it won’t be good. This isn’t one of those charming, friendly hacking exploits, rather it’s likely it could “yield a target rich environment, opening up the chance for such things as ransomware attacks, or a persistent foothold on the network.”
So what can you do? Well, dull as it sounds, updating your router firmware is a good first step, but you can also disable UPnP completely as a preemptive strike.
If you’re already infected, Akamai reckons you should go router shopping (are there any two worse words in the English language?), but if the idea fills you with dread, then just doing a factory reset and disabling UPnP should do the trick. µ
Source : Inquirer