by cassianoleal 1610 days ago
* Scenario 1:

Malware running on your network requests a port over UPnP. Router accepts it. Hacker has direct inbound access to code they control.

* Scenario 2:

Malware running on your network requests a port over UPnP. Router denies it (UPnP is disabled). Malware doesn't know how to open a reverse tunnel. No inbound access.

* Scenario 3:

Same as 2, but malware sets up reverse tunnel. Hacker is in.

* Scenario 4:

Buggy and/or sloppy firmware that's not otherwise malicious requests a port over UPnP even though it doesn't need to receive connections from the Internet. Router allows it. Hackers know about this slop and other CVEs on the device. Network compromised.

* Scenario 5:

Same firmware from 4, but this time UPnP is disabled on router. It's safe to say this non-malicious firmware doesn't set up a reverse tunnel. No inbound access.

This is obviously a very simple threat model but from here you can see that 2 out of 5 attack scenarios would have been prevented by disabling UPnP on the router.
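An added example, not from the post or the thread: a small Python auditor for the kind of request scenario 4 describes. It parses an IGD `AddPortMapping` SOAP body (the action a LAN device sends to the router's WANIPConnection service) and flags any mapping whose internal host and port are not on an allow-list of services known to need inbound access. The request body, internal host and port are constructed sample values.

```python
import xml.etree.ElementTree as ET

# Constructed sample (hypothetical host and port): the SOAP body a LAN device
# sends to the router's IGD control URL to request an inbound port mapping.
SAMPLE_REQUEST = """<?xml version="1.0"?>
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
 <s:Body>
  <u:AddPortMapping xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">
   <NewRemoteHost></NewRemoteHost>
   <NewExternalPort>6881</NewExternalPort>
   <NewProtocol>TCP</NewProtocol>
   <NewInternalPort>6881</NewInternalPort>
   <NewInternalClient>192.168.1.42</NewInternalClient>
   <NewEnabled>1</NewEnabled>
   <NewPortMappingDescription>smartcam</NewPortMappingDescription>
   <NewLeaseDuration>0</NewLeaseDuration>
  </u:AddPortMapping>
 </s:Body>
</s:Envelope>"""

SOAP_NS = "{http://schemas.xmlsoap.org/soap/envelope/}"

def parse_port_mapping(xml_text):
    """Return the arguments of an IGD AddPortMapping request as a dict, or None."""
    body = ET.fromstring(xml_text).find(SOAP_NS + "Body")
    if body is None:
        return None
    for action in body:
        # Element tag carries the service namespace; match on the action name only.
        if action.tag.endswith("}AddPortMapping"):
            return {child.tag: (child.text or "").strip() for child in action}
    return None

def audit_mapping(mapping, allowed):
    """Return audit findings for one mapping. `allowed` is a set of
    (internal_ip, internal_port, protocol) tuples that genuinely need inbound access."""
    findings = []
    key = (mapping["NewInternalClient"], int(mapping["NewInternalPort"]), mapping["NewProtocol"])
    if key not in allowed:
        findings.append("unexpected inbound mapping to %s:%d/%s" % key)
    if mapping["NewRemoteHost"] == "":
        findings.append("NewRemoteHost empty: any Internet host may connect")
    if mapping["NewLeaseDuration"] == "0":
        findings.append("NewLeaseDuration 0: mapping never expires")
    return findings

if __name__ == "__main__":
    for finding in audit_mapping(parse_port_mapping(SAMPLE_REQUEST), allowed=set()):
        print("ALERT:", finding)
```

With an empty allow-list the sample produces three findings; with `("192.168.1.42", 6881, "TCP")` allowed, only the open remote host and permanent lease remain.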


> Malware doesn't know how to open a reverse tunnel.

So this is useful if malware authors are just incredibly dumb?

Unconvincing. The only reason to disable UPnP seems to be "it might be really buggy" but that's true of all software and we don't disable all software. Yes, security in depth but that's taking it to a ridiculous extreme.

No, the malware authors just target the least secure userbase. Because there's plenty of them to exploit. Why put in the extra work if you have plenty of weak targets?

Physical security works the same way. The point is to have better locks on your bike than the one beside it.

And opening ports reduces the need for central infrastructure for the malware makers, which leads to less chance of being discovered (no money trails etc).

PS: Speaking of run-of-the-mill malware/ransomware here, obviously. If you get targeted by state actors you can kiss your ass goodbye either way :)

No, it's insanely useful in the vast majority of cases.

By many, many orders of magnitude the most common scenarios are 4 and 5.

This is not a ridiculous extreme. It is the easiest and most effective thing you could do.