Researchers have found that a five-year-old security vulnerability is still being exploited by attackers to take over home routers in 2018.
Analysts at Qihoo 360 discovered that a security hole in the Broadcom UPnP SDK, first disclosed back in 2013, was still being exploited some five years later. The original report concerned Cisco Linksys routers, and those were patched, but the flaw sits in Broadcom's SDK rather than in any one vendor's firmware, so every router whose firmware was built on the same Broadcom code was affected as well. That makes the reach of the flaw huge: Broadcom chipsets and their reference firmware were used by numerous manufacturers in their own WiFi routers.
Specifically, the issue Qihoo 360 found concerns Universal Plug and Play (UPnP), a set of protocols that lets devices discover one another and set up network services, such as port forwarding on the router, without any manual configuration. A contributing factor is that many routers ship with UPnP enabled by default, and on the vulnerable devices the UPnP service could be reached from the internet side rather than only from the local network.
To exploit the vulnerability, the criminals behind the campaign built a botnet whose infected devices scan the internet for exposed UPnP interfaces and then send them a request that runs malicious code on the router. Because the flaw is in the UPnP service itself, no password or other authentication is needed: an exposed UPnP port is enough to take the device over.
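The check a home or small-office administrator would want after reading the two paragraphs above is whether their own router's UPnP service is discoverable and, more importantly, whether it also answers from the internet side. The script below is an added example and not code from the article or from Qihoo 360: it sends a standard SSDP M-SEARCH, parses the replies and the device description they point to, and optionally probes the router's public address. The port numbers, the "BRCM" banner marker, and the sample reply and description embedded for offline use are assumptions or constructed data, not details the article gives.

```python
# Added example (not code from the article or from Qihoo 360): find UPnP responders
# on the LAN, parse their SSDP reply and device description, and check whether the
# UPnP port also answers on the router's WAN-facing address.
import socket
import sys
import xml.etree.ElementTree as ET
from urllib.request import urlopen

SSDP_GROUP = ("239.255.255.250", 1900)
# Assumption: the article names no port; 5431/tcp is where the Broadcom UPnP stack
# is commonly seen listening, 1900 is what many other stacks use.
WAN_PROBE_PORTS = (5431, 1900)
# Assumption: substring taken here to mark a Broadcom UPnP SERVER banner; the
# article gives no banner, so compare against your own device's reply.
BROADCOM_MARKERS = ("BRCM",)
WANIP_SERVICE = "urn:schemas-upnp-org:service:WANIPConnection:1"  # IGD port-mapping service
# Constructed sample reply and description (not captured from a real device;
# vendor, model and UUID are invented) so the parsers can be exercised offline.
SAMPLE_SSDP_REPLY = (
    b"HTTP/1.1 200 OK\r\n"
    b"LOCATION: http://192.168.1.1:5431/dyndev/uuid:0000-0000\r\n"
    b"SERVER: LINUX/2.4 UPnP/1.0 BRCM400/1.0\r\n"
    b"ST: upnp:rootdevice\r\n\r\n"
)
SAMPLE_DESCRIPTION = """<root xmlns="urn:schemas-upnp-org:device-1-0"><device>
<manufacturer>ExampleVendor</manufacturer><modelName>EV-1000</modelName>
<serviceList><service><serviceType>urn:schemas-upnp-org:service:WANIPConnection:1</serviceType>
</service></serviceList></device></root>"""

def build_msearch(st="upnp:rootdevice", mx=2):
    """SSDP M-SEARCH request as specified in the UPnP Device Architecture."""
    return (f"M-SEARCH * HTTP/1.1\r\nHOST: {SSDP_GROUP[0]}:{SSDP_GROUP[1]}\r\n"
            f'MAN: "ssdp:discover"\r\nMX: {mx}\r\nST: {st}\r\n\r\n').encode("ascii")

def parse_ssdp_response(raw):
    """Turn an SSDP '200 OK' reply into a dict keyed by lower-cased header name."""
    status, _, rest = raw.decode("utf-8", "replace").partition("\r\n")
    if not status.startswith("HTTP/1.1 200"):
        raise ValueError(f"unexpected SSDP status line: {status!r}")
    headers = {}
    for line in rest.split("\r\n"):
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def parse_device_description(xml_text):
    """Manufacturer, model and advertised service types from the description XML
    that LOCATION points to; tag names are matched without their namespace."""
    info = {"manufacturer": "", "model": "", "services": []}
    for el in ET.fromstring(xml_text).iter():
        tag, text = el.tag.rsplit("}", 1)[-1], (el.text or "").strip()
        if tag == "manufacturer":
            info["manufacturer"] = text
        elif tag == "modelName":
            info["model"] = text
        elif tag == "serviceType":
            info["services"].append(text)
    return info

def assess(headers, desc, wan_reachable):
    """Human-readable findings; an empty list means nothing to report."""
    findings, server = [], headers.get("server", "")
    if any(m in server for m in BROADCOM_MARKERS):
        findings.append(f"SERVER banner {server!r} matches the Broadcom marker: check firmware against the vendor advisory")
    if WANIP_SERVICE in desc.get("services", []):
        findings.append("WANIPConnection advertised: any LAN client can add port mappings")
    if wan_reachable:
        findings.append("UPnP port answers on the WAN address: disable UPnP or filter it at the edge")
    return findings

def discover(timeout=2.0):
    """Send one M-SEARCH and collect (ip, headers) for every reply before timeout."""
    replies = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_msearch(mx=int(timeout)), SSDP_GROUP)
        while True:
            try:
                data, addr = sock.recvfrom(4096)
                replies.append((addr[0], parse_ssdp_response(data)))
            except socket.timeout:
                return replies
            except ValueError:
                continue  # NOTIFY or malformed datagram, ignore

def tcp_open(host, port, timeout=2.0):
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0

if __name__ == "__main__":
    # Assumption: argv[1] is the router's public address. Hairpin NAT can mask the
    # result from inside, so run the WAN probe from an outside host to be sure.
    wan_ip = sys.argv[1] if len(sys.argv) > 1 else None
    wan_open = bool(wan_ip) and any(tcp_open(wan_ip, p) for p in WAN_PROBE_PORTS)
    for ip, hdrs in discover():
        with urlopen(hdrs["location"], timeout=3) as resp:  # LOCATION is mandatory in SSDP replies
            desc = parse_device_description(resp.read().decode("utf-8", "replace"))
        print(ip, hdrs.get("server", "?"), desc["manufacturer"], desc["model"])
        for finding in assess(hdrs, desc, wan_open):
            print("  -", finding)
```

Run it from a LAN client with the router's public IP as the only argument. A banner match is only a hint that the firmware carries the Broadcom stack, so it should be checked against the vendor's advisory; the WAN-side result is the one that matters, and if anything answers there the fix is to turn UPnP off or block the port at the edge, regardless of which vendor's stack it is.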
Once installed, the malicious code was seen connecting to the mail servers of many of the biggest email providers, including Outlook, Hotmail and Yahoo! Mail, which suggests the infected routers were being used as relays for sending spam.
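The behaviour described above, a router that itself opens connections to large mail providers, is something a network monitor can flag directly, because a gateway has no legitimate reason to originate mail. The following is an added example, not code from the article or from Qihoo 360: it runs a simple rule over constructed flow-log lines and raises an alert when a gateway address starts SMTP sessions to the providers the article names. The log format, the use of port 25 and the submission ports, and the host names are assumptions.

```python
# Added example (not code from the article or from Qihoo 360): flag a gateway that
# starts talking to mail providers itself, the spam-relay behaviour the article infers.
from collections import defaultdict

# Assumption: one flow per line as "timestamp src dst dport dst_name", where
# dst_name is the DNS- or reverse-resolved destination. Port 25 (plus the submission
# ports) is assumed from the spam inference; the article names no port.
MAIL_DOMAINS = ("outlook.com", "hotmail.com", "yahoo.com")  # providers the article names
SMTP_PORTS = {25, 465, 587}

# Constructed sample flow log (documentation address ranges, invented host names).
SAMPLE_FLOWS = """\
2018-11-01T10:00:01Z 203.0.113.7 198.51.100.10 25 mx-a.outlook.com
2018-11-01T10:00:02Z 203.0.113.7 198.51.100.11 25 mx-b.hotmail.com
2018-11-01T10:00:05Z 203.0.113.7 198.51.100.12 25 mta.yahoo.com
2018-11-01T10:00:09Z 203.0.113.7 198.51.100.13 443 www.example.net
2018-11-01T10:01:00Z 192.0.2.44 198.51.100.10 25 mx-a.outlook.com
2018-11-01T10:02:00Z 203.0.113.7 198.51.100.14 25 mx-c.hotmail.com
2018-11-01T10:03:00Z 203.0.113.7 198.51.100.15 25 notyahoo.com
"""

def parse_flow(line):
    ts, src, dst, dport, name = line.split()
    return {"ts": ts, "src": src, "dst": dst, "dport": int(dport), "name": name.lower()}

def is_mail_provider(name):
    """Exact or subdomain match only, so 'notyahoo.com' does not count."""
    return any(name == d or name.endswith("." + d) for d in MAIL_DOMAINS)

def detect_router_smtp(log_text, gateway_ips, min_destinations=2):
    """One alert per gateway that opened SMTP sessions to a listed mail provider.
    A router has no business originating mail, so a single flow is already worth a
    look; fan-out to several provider hosts is the relay pattern and rates 'high'."""
    dests, first_seen = defaultdict(set), {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        f = parse_flow(line)
        if f["src"] in gateway_ips and f["dport"] in SMTP_PORTS and is_mail_provider(f["name"]):
            dests[f["src"]].add(f["dst"])
            first_seen.setdefault(f["src"], f["ts"])
    return sorted(
        ({"gateway": gw, "first_seen": first_seen[gw], "smtp_destinations": len(d),
          "severity": "high" if len(d) >= min_destinations else "medium"}
         for gw, d in dests.items()),
        key=lambda a: a["gateway"])

if __name__ == "__main__":
    for alert in detect_router_smtp(SAMPLE_FLOWS, {"203.0.113.7", "192.0.2.44"}):
        print(alert)
```

The rule is deliberately narrow: it keys on the router's own address as the source, so ordinary LAN clients sending mail through the gateway do not trigger it. On a network where no device should ever speak SMTP outbound, the provider match can be dropped and any port-25 flow from the gateway treated as an alert.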
As many as 100,000 devices are thought to be active in the botnet on any given day (after a sharp rise in recent months), and the total number of potentially affected devices worldwide is put at 3.37 million.
The botnet's reach is thought to be partly down to its sophistication: its as-yet unidentified author built a complex multi-stage infection mechanism. As the Qihoo 360 team put it: “the author has profound skills and is not a typical script kid.”