A severe vulnerability has been discovered in a core protocol found in almost all Internet of Things (IoT) devices. The vulnerability, named CallStranger, allows attackers to hijack smart devices for distributed denial of service (DDoS) attacks, and also for attacks that bypass security solutions to reach and scan a victim’s internal network, effectively granting attackers access to areas they normally wouldn’t be able to reach.
The CallStranger vulnerability allows attackers to use the Universal Plug & Play (UPnP) protocol to DDOS & port scan. Numerous devices have UPnP & need to be updated; until your device is updated to address CallStranger disable UPnP, especially on routers. https://t.co/silbgb3tp6
— Koroush Ghazi (@KoroushGhazi) June 9, 2020
Experts Comments
@Craig Young, Principal Security Researcher, provides expert commentary at @Information Security Buzz.
"The SUBSCRIBE method in UPnP allows nodes on the network to register a URL to receive callbacks as specified conditions are met...."
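The callback registration described in the comment above can be audited on the defensive side. The following Python check is an added example, not code from the article or from the quoted experts: it parses a UPnP SUBSCRIBE request and lists any CALLBACK URLs that point outside the local network. The allowed address ranges, the function names and the sample requests are assumptions constructed for this illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Assumed policy for this example: callbacks may only target these LAN ranges.
LAN_RANGES = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16")]

def parse_request(raw):
    """Return (method, headers) with header names lower-cased."""
    lines = raw.replace("\r\n", "\n").split("\n")
    method = lines[0].split(" ", 1)[0].upper()
    headers = {}
    for line in lines[1:]:
        if not line.strip():
            break  # blank line ends the header section
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, headers

def is_lan_url(url):
    """True only for a literal IP inside LAN_RANGES; hostnames are not trusted."""
    try:
        ip = ipaddress.ip_address(urlsplit(url).hostname or "")
    except ValueError:
        return False
    return any(ip in net for net in LAN_RANGES)

def offlan_callbacks(raw):
    """List CALLBACK URLs in a SUBSCRIBE request that point outside the LAN."""
    method, headers = parse_request(raw)
    if method != "SUBSCRIBE":
        return []
    # CALLBACK holds one or more URLs, each wrapped in angle brackets.
    urls = re.findall(r"<([^<>]+)>", headers.get("callback", ""))
    return [u for u in urls if not is_lan_url(u)]

# Constructed sample requests; 203.0.113.0/24 is a documentation range.
SAMPLES = {
    "lan": "SUBSCRIBE /event HTTP/1.1\r\nHOST: 192.168.1.1:5000\r\n"
           "CALLBACK: <http://192.168.1.20:8080/notify>\r\nNT: upnp:event\r\n\r\n",
    "mixed": "SUBSCRIBE /event HTTP/1.1\r\nHOST: 192.168.1.1:5000\r\n"
             "CALLBACK: <http://192.168.1.20/a><http://203.0.113.10/b>\r\n"
             "NT: upnp:event\r\n\r\n",
    "name": "SUBSCRIBE /event HTTP/1.1\r\nHOST: 192.168.1.1:5000\r\n"
            "CALLBACK: <http://collector.example/c>\r\nNT: upnp:event\r\n\r\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, offlan_callbacks(raw))
```

Hostnames are flagged rather than resolved, because a name can resolve to a different address at delivery time than it did at check time.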
@Ilia Kolochenko, Founder and CEO, provides expert commentary at @Information Security Buzz.
"It is nonetheless perfectly possible to identify the “heart and the brain” of the system...."
@Bryan Skene, CTO, provides expert commentary at @Information Security Buzz.
"The CallStranger vulnerability highlights the importance of network invisibility...."