Mass router hack exposes millions of devices to potent NSA exploit

by
Dan Goodin
from Ars Technica - All content on (#43Z96)
router_ars.jpg

More than 45,000 Internet routers have been compromised by a newly discovered campaign that's designed to open networks to attacks by EternalBlue, the potent exploit that was developed by, and then stolen from, the National Security Agency and leaked to the Internet at large, researchers said Wednesday.

The new attack exploits routers with vulnerable implementations of Universal Plug and Play to force connected devices to open ports 139 and 445, content delivery network Akamai said in a blog post. As a result, almost 2 million computers, phones, and other network devices connected to the routers are reachable to the Internet on those ports. While Internet scans don't reveal precisely what happens to the connected devices once they're exposed, Akamai said the ports-which are instrumental for the spread of EternalBlue and its Linux cousin EternalRed-provide a strong hint of the attackers' intentions.

The attacks are a new instance of a mass exploit the same researchers documented in April. They called it UPnProxy because it exploits Universal Plug and Play-often abbreviated as UPnP-to turn vulnerable routers into proxies that disguise the origins of spam, DDoSes, and botnets. In Wednesday's blog post, the researchers wrote:

Read 6 remaining paragraphs | Comments

index?i=nsHyuY_Oyq8:BiAcOCbx8VY:V_sGLiPB index?i=nsHyuY_Oyq8:BiAcOCbx8VY:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments