[Discuss] Ban UPnP? Re: The Mirai botnet
Rich Braun
richb at pioneer.ci.net
Tue Nov 1 14:32:53 EDT 2016
Finally, I see a company name attached to this Mirai botnet problem: Hangzhou
Xiongmai Technologies, whose devices leave an essentially unprotected (and
unprotectable) telnet server open.
http://qz.com/819391/a-collision-of-chinese-manufacturing-globalization-and-consumer-ignorance-could-ruin-the-internet-for-everyone/
The article mentions nothing about UPnP, though, so I'm still left wondering
how the attack happened. Another article notes Xiongmai's response, which
includes a product recall:
http://www.welivesecurity.com/2016/10/24/webcam-firm-recalls-hackable-devices-mighty-mirai-botnet-attack/
And their IPC (IP camera) product specs do include UPnP, so presumably it's
enabled by default and causing also-unsecure Netgear/DLink/Linksys defaults to
leak their open TCP ports out onto the open Internet.
What will these router vendors' response be? And is it appropriate to begin a
campaign to discontinue support for UPnP (by all products everywhere), as was
done a few years ago for the non-secure wifi WEP auth protocol?
-rich
More information about the Discuss
mailing list