UPnP Becomes New Ladder of Hijacking for Cyber Attackers
In the second week of January 2008, security researchers revealed code that lets cyber attackers misuse a couple of popular technologies to control a user's Internet browsing experience.
The code, published by security researchers Petko Petkov and Adrian Pastor, uses features in two different technologies: the Universal Plug and Play (UPnP) protocol, a feature that various operating systems use to work with various devices on a network, and the Flash multimedia software from Adobe Systems.
According to Petkov, the vulnerability associated with UPnP/Flash is pretty critical. Petkov further stated that altering the primary Domain Name System (DNS) server is a malicious act, and that a cyber attacker can use UPnP to make that change when a user merely views a malicious Flash file. The router uses the primary DNS server to locate other computers on the web.
In a statement published by InformationWeek on January 15, 2008, Petkov commented that cyber attackers would use the flaws in UPnP to turn the router and the network it controls into a zombie. The flaws can also help attackers reset the admin ID in order to create a kind of onion routing network to suit their requirements.
The most worrisome aspect of the attack is that it is cross-platform: every system that supports Flash is susceptible. Petkov also warned users with a PC at home, as the research finds 99% of home routers affected by this malware. UPnP functionality is turned on by default, which is why UPnP devices such as cameras, digital entertainment systems, and printers are mostly at risk.
Aviv Raff, a security researcher who published a report about the attack in a blog, said that Adobe may well be able to fix the flaws in Flash to alleviate the problem, but that even then hackers are very much capable of inventing a new technique of attack called DNS pinning. The statement was reported by The Washington Post on January 15, 2008.
» SPAMfighter News - 29-01-2008