In the news recently, it was discovered that a whole stack of consumer routers have copied and pasted Intel’s UPnP reference code into their router firmware. Unfortunately, the UPnP protocol was designed to be used on private networks in order to allow for the automatic configuration of port forwarding thus avoiding the need for regular users to work out how to do that manually. The reference code from Intel had no built in security and also made no specifications as to where the protocol should be made available which resulted in UPnP being accessible from the public internet.
Ultimately, this could allow malicious people to reconfigure your network from outside without any authentication – oops.
Luckily, there is an easy way to find out if your network is at risk:
- Head on over to GRC’s ShieldsUP page,
- Click the Proceed button,
- On the following page, click on the orange button that says GRC’s Instant UPnP Exposure Test,
- Wait for the results.
If the response comes back as either No Response or Rejected then that’s a good thing but if it comes back with an Exposed result then you should consider looking in your router’s settings and turning off UPnP.
Hopefully, router manufacturers will update vulnerable firmware but this would be more likely for newer routers whilst older routers would be left stranded. If this is the case with your router, you may consider checking out if a third party firmware such as Tomato is supported and, if so, installing it. If your router is old then you have no warranty to void and the only thing to worry about is the actual upgrade process itself.
Follow Us!