You know by now that Internet of Things devices like your router are
often vulnerable to attack, the industry-wide lack of investment in security leaving the door open to a host of abuses. Worse still, known weaknesses and flaws can
hang around for years after their initial discovery. Even decades. And Monday, the content and web services firm
Akamai published new findings that it has observed attackers actively exploiting a flaw in devices like routers and video game consoles that was
originally exposed in 2006.
Over the last decade, reports have increasingly detailed the flaws and vulnerabilities that can plague insecure implementations of a set of networking protocols called Universal Plug and Play. But where these possibilities were largely academic before, Akamai found evidence that attackers are actively exploiting these weaknesses not to attack the devices themselves, but as a jumping off point for all sorts of malicious behavior, which could include DDoS attacks, malware distribution, spamming/phishing/account takeovers, click fraud, and credit card theft.
To pull that off, hackers are using UPnP weaknesses in commercial routers and other devices to reroute their traffic over and over again until it's nearly impossible to trace.
This creates elaborate "proxy" chains that cover an attacker's tracks, and create what Akamai calls "multi-purpose proxy botnets."
"We started talking about how many of these vulnerable devices are out there and what can they be leveraged for, because most people seem to have forgotten about this vulnerability," says Chad Seaman, a senior engineer on the security intelligence response team at Akamai. "As part of that we had to write some basic tools to find what was vulnerable. And some of these machines did have very abnormal [activity] on them. It was not something that we honestly expected to find and when we did it was kind of like 'uh oh.' So this theorized problem is actually being abused by somebody."