Spam-spewing IoT botnet infects 100,000 routers using five-year-old flaw
The State of Security
Security researchers are warning that a botnet has been exploiting a five-year-old vulnerability to hijack home routers over the last couple of months.
Analysts working at Qihoo 360’s Netlab team say that they first identified the new botnet in September 2018. They have dubbed it “BCMUPnP_Hunter” because of its exploitation of a security hole in the Broadcom UPnP SDK first discovered in 2013.
UPnP (also known as Universal Plug and Play) is the umbrella term for the networking protocols used to connect all manner of computers and IoT devices to one another. It is not uncommon to find that devices have UPnP enabled by default.
Back in 2013, the Broadcom UPnP vulnerability was found on Cisco Linksys (now Belkin) WRT54GL routers, and a fix was created. However, what raised particular concern at the time was that the vulnerability was discovered to be present in the firmware of many routers based on the Broadcom chipset, manufactured by a wide range of companies.