Potentially serious security hole in your router

[Spire]

Hi all

I thought I would share with u all my recent discovery of a security problem that your router may have, leaving you wide open to all sorts of problems.

To give you a brief description of the problem here goes,

To make it easy for consumers to connect new devices to there network, or indeed a computer, there is a piece of software called UPnP (Universal Plug and Play) now what this software does is talk to the new device that you have just connected and says to the new device what changes do u want me to make,  so the new device will work, UPnp then proceeds to make the changes requested and when the  changes have been made you will normally get a little pop up on you PC your new device is ready to use, now if you run security software u will mot likely get a pop up asking if you want to allow the changes, if u do not run security software then all u will get is the pop up after the changes have been made telling you your new device is ready to use.

At this point I along with you think great that was easy to set up and away we go using our shiny new device, camera, mouse, web cam etc.

Well it turns out that this software UPnP was originally written to support a research paper that was illustrating how UPnP might be achieved some 15 to 20 years ago, and to make the UPnP software concise and easy to see what it was doing ABOSLUTLY NO SECURITY OF ANY DESCRIPTION WAS IN THE SOFTWARE.



Now to the real point of my post, your router which of course is your point of contact with the World Wide Web internet, out there on the internet there are lots of people checking your router to see if the door is open.

Most routers today will have UPnP installed on it facing your local network and inaccessible to the internet, this allows the likes of Xbox or other new network device that need to access the internet to connect to your network and change the settings on your router to enable the Xbox etc to work, and we all think great easy peasy I can go get em.

So some router manufactures either by design or by mistake have made UPnP available on the internet side of the router as well, remember that UPnP has ABOSLUTLY NO SECURITY OF ANY DESCRIPTION.

Now routers are the main target for internet hackers but any device connected to you network is likely to have UPnP and if it can be accessed from the internet it would be possible to change settings on your router allowing potential villains into your network.

I have 2 suggestions as follows

Login to your router and turn of UPnP

and visit the website below to do a check, the website will check to see if you have UPnP open to the internet, I have been using this website for years on and off to check my exposure to the internet, the site is run by a reputable security expert Steve Gibson, the site will not install any software on your computer, all the site does is probe your router and report back.

https://www.grc.com/x/ne.dll?rh1dkyd2

Follow the link and click GRC Instant UpnP Exposure Test.

In case you are wondering what's in it for me, well the answer is absolutely nothing I bring you this post in the hope that it will make your computing activities a little more secure, feel free to google Upnp exploit etc
 
And if you think well I have just got a new router I will be fine, a scan of the IP addresses in the IPV4 range which is some 2 billion addresses some 81 million were found to be exposing UPnP to the internet, and 1700 to 2000 equipment manufactures were or still are selling equipment with this as a security issue.

If you are thinking that well I am 1 amongst 2 billion it will be unlikely they will find me, then think again the people that scanned the 2 billion IP addresses were scanning all 2 billion on about a 2 week cycle.

Now I am no security expert far from it, I am just a budding computer geek, with a little knowledge and u know what the say about that

So do the check and take remedial action if you need to before a some internet scumbag  checks router door and finds it open an comes in and helps themselves to you personal data or whatever else they fancy doing.




PS: I checked my BT router using the above site and found a management port open on the router, and it was impossible to close the port, so I put my hand in my pocket an purchased my own router that I have full control over, needless to say the port is not open now.

[Fly]

Good post Spire, I've used this link to grc.com a few times.  https://www.grc.com/x/ne.dll?bh0bkyd2
From that link you can test your Upnp and all other ports on your PC. Mine is 'Stealth'. No one's getting in.
All my ports are blocked.

If anybody wants a step by step walk through, feel free to ask me or Spire. 
@Pete, not sure if grc.com is for Macs, I'm sure you know of a similiar site ?
 

[Alsatian]

Good post Spire, I've used this link to grc.com a few times.  https://www.grc.com/x/ne.dll?bh0bkyd2
From that link you can test your Upnp and all other ports on your PC. Mine is 'Stealth'. No one's getting in.
All my ports are blocked.

If anybody wants a step by step walk through, feel free to ask me or Spire. 
@Pete, not sure if grc.com is for Macs, I'm sure you know of a similiar site ?

Just checked my BT router and it passed with flying colours! 

[Fly]

There's always scaremongering threads or posts on the internet.
Thankfully for you, and me Alsatian, it's not a problem.
I'd not seen a reference to the issue before Spire brought to my/our attention.

[Kent]

THE EQUIPMENT AT THE TARGET IP ADDRESS
DID NOT RESPOND TO OUR UPnP PROBES!
(That's good news!)

Seems mine is ok as well

[Spire]

Hi

Well I have BT Infinity and BT supplied the Home Hub 3 router the little black one, and on that router port 161 was open.

[therealjr]

My sky router seems ok as well. However just from a cynical point of view how do we know that this website isn't run by the people involved in this hacking? They tell you your router is ok but really it isn't and they can now exploit that fact safe in the knowledge you probably won't check again?

[Fly]

You tell us Sainsbury is cheaper or better. You trust them.
I trust the website Spire showed us. I have used it before 

Now tell me Norton aren't the biggest virus writers on the net !!!

[simondjuk]

I just got this from the link


Browser Reload Suppressed
For your security, your web browser's "reload"
function has been temporarily disabled
Allowing a web browser to "reload" a page which has already been sent to you creates a "security hole" that would allow someone using your computer at any later time to attain potentially private and personal information.

To safeguard your privacy we have disabled the browser's "reload" or "refresh" facility while you are in sensitive areas of our web site. Reloading pages will function normally once you have left this area . . . but until then please refrain from "reloading" pages.

You may press your browser's  [BACK]  button now to return to the page prior to the one you were just viewing.

[Fly]

Carry on. Its quite safe.

[Old Cruser]

Ok fessing up time - I haven't a clue what it's all about 

[Big Dave]

THE EQUIPMENT AT THE TARGET IP ADDRESS
DID NOT RESPOND TO OUR UPnP PROBES!

It's a BT router.

I've been using this web site for years. It's completely legit.