Universal PnP devices being harnessed for massive DDoS attacks
By Digital News Asia October 17, 2014
- 4mil Universal Plug and Play devices may be vulnerable
- Affects routers, media servers, webcams, smart TVs and printers
AKAMAI Technologies Inc’s Prolexic Security Engineering & Response Team (PLXsert) is warning the security community, device vendors, Internet service providers (ISPs) and enterprises of the risk of massive distributed denial of service (DDoS) attacks involving Universal Plug and Play (UPnP) devices.
In a statement, PLXsert said it has observed the use of a new reflection and amplification DDoS attack that deliberately misuses communications protocols that come enabled on millions of home and office devices, including routers, media servers, webcams, smart TVs and printers.
The protocols allow devices to discover each other on a network, establish communication and coordinate activities, it said.
DDoS attackers have been abusing these protocols on Internet-exposed devices to launch attacks that generate floods of traffic and cause website and network outages at enterprise targets.
“Malicious actors are using this new attack vector to perform large-scale DDoS attacks. PLXsert began seeing attacks from UPnP devices in July, and they have become common,” said Stuart Scholly, senior vice president and general manager of the Security Business Unit at Akamai.
“The number of UPnP devices that will behave as open reflectors is vast, and many of them are home-based Internet-enabled devices that are difficult to patch.
“Action from firmware, application and hardware vendors must occur in order to mitigate and manage this threat,” he added.
PLXsert said it found that 4.1 million Internet-facing UPnP devices are potentially vulnerable to being employed in this type of reflection DDoS attack – about 38% of the 11 million devices in use around the world.
It said it will share the list of potentially exploitable devices with members of the security community in an effort to collaborate on cleanup and mitigation of this threat.
“These attacks are an example of how fluid and dynamic the DDoS crime ecosystem can be,” said Scholly.
“Malicious actors identify, develop and incorporate new resources and attack vectors into their arsenals. It’s predictable that they will develop, refine and monetise these UPnP attack payloads and tools in the near future,” he added.
A complimentary copy of PLXsert’s advisory is available for download at www.prolexic.com/ssdp.