A severe vulnerability has been discovered in a core protocol found in almost all internet of things (IoT) devices. The vulnerability, named CallStranger, allows attackers to hijack smart devices for distributed denial of service (DDoS) attacks, but also for attacks that bypass security solutions to reach and conduct scans on a victim’s internal network — effectively granting attackers access to areas where they normally wouldn’t be able to reach.
The CallStranger vulnerability allows attackers to use the Universal Plug & Play (UPnP) protocol to DDOS & port scan. Numerous devices have UPnP & need to be updated; until your device is updated to address CallStranger disable UPnP, especially on routers.https://t.co/silbgb3tp6
— Koroush Ghazi (@KoroushGhazi) June 9, 2020
