Wednesday, February 20, 2013

Check your router’s vulnerability

A recent security vulnerability has been unearthed in many routers previously though safe. Universal Plug and Play (uPNP) is a method of easily configuring a router automatically to allow traffic to flow from the Internet into the local network. It should only be accessible from devices inside the local network. However, as it turns out, the vulnerability allows devices on the Internet to potentially reconfigure a router. This is REALLY, REALLY bad to say the least.
Researchers found that more than 6,900 product models produced by 1,500 different vendors contained at least one known vulnerability, with 23 million systems housing the same remote code execution flaw
You can find out more about the specific of the issues at:
https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play
So advice is that you should check to ensure your router is not vulnerable. To do this visit grc.com and go to the Shields Up page like so:

Click on the GRC’s Instant UPnP Exposure test.
Hopefully you will see:

If not then you need to take steps to ensure you rectify any issues discovered.