Most everyone has a Wi-Fi router in their home and their workplace. Wi-Fi is everywhere, and it's how most personal devices connect to the internet: a Wi-Fi router is connected to an internet gateway and your queries and messages zip on through. As detailed in a recent report, however, there's a good chance someone could hijack that Wi-Fi router, thanks to a new exploit that makes it pretty simple to set up a proxy server inside a protected Wi-Fi network and have it pass internet traffic along from almost any source. In other words, we have an all-new type of botnet to worry about.

How it works

UPnP (Universal Plug and Play) is a protocol that makes it easy for one device to connect and communicate with another. It's old, and it's been proven unsafe many times, but because it's designed to be used inside a protected network, nobody paid much attention to it. The new exploit can expose a UPnP socket on an internet connection to the outside world, so a crafty person with the right script can connect, then inject entries into the Network Address Translation (NAT) table and create a proxy server that any other device can use. UPnP is not secure and is outdated, but it's not meant to be used over the internet, so nobody really cares.

This works just like any other proxy server, which means it's almost like a VPN. Traffic sent to the proxy is forwarded, and when it reaches its destination the origin is hidden. The injected NAT entries can be modified to send any traffic anywhere, and unless you have the right tools and are actively looking for it, you would never know this was running on your network.

The worst part of it all is the list of affected consumer routers. It's huge, with almost every company and its most popular products on it. It's so long we're not going to copy it here and instead direct you to Akamai's wonderfully put together .pdf presentation.

How bad is this?

The sky isn't falling. It's bad, but because it needs to query an open internet socket for information several times in different ways, then put the right information into the payload, it isn't going to spread unchecked. Of course, this would change if someone were able to automate the process: should it become self-replicating, with one bot attacking a network to install another bot, things would get really ugly really quickly. Bots are bad. An army of them can wreck almost anything.

A botnet is a group of small servers installed on separate networks. These small servers are called bots and can be programmed to accept almost any command and try to run it locally or on a different remote server. Botnets are bad not because of what they do but because of what they enable other machines to do. The tiny bit of traffic from a bot connecting to its home is unnoticeable and doesn't affect your network in any real way, but with the right commands you can have an army of bots doing things like phishing account passwords or credit card numbers, attacking other servers through DDoS flooding, distributing malware, or even brute-force attacking a network to gain access and admin control. A bot can also be commanded to try any or all of these things on your network instead of a remote network. Botnets are bad. Very bad.

What can I do?
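One concrete check, added here as an example and not taken from the article or from Akamai's report: read the router's port-mapping table through the same UPnP IGD service (WANIPConnection) that the injection abuses, and flag any entry whose target is not a host on your own LAN, since a normal forward points at a LAN device while an injected proxy entry points back out to the internet. The function names, the LAN range and the two sample entries are assumptions constructed for this example.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Hypothetical helper that builds a GetGenericPortMappingEntry response of the shape
# a WANIPConnection:1 service returns; used here only to construct sample data offline.
def make_response(ext_port, proto, int_port, int_client, desc):
    return (
        '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">'
        '<s:Body><u:GetGenericPortMappingEntryResponse '
        'xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">'
        '<NewRemoteHost></NewRemoteHost>'
        f'<NewExternalPort>{ext_port}</NewExternalPort><NewProtocol>{proto}</NewProtocol>'
        f'<NewInternalPort>{int_port}</NewInternalPort>'
        f'<NewInternalClient>{int_client}</NewInternalClient><NewEnabled>1</NewEnabled>'
        f'<NewPortMappingDescription>{desc}</NewPortMappingDescription>'
        '<NewLeaseDuration>0</NewLeaseDuration>'
        '</u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>'
    )

# Constructed samples: a normal game-server forward, and an injected entry whose target
# is not on the LAN (203.0.113.5 is a documentation-range placeholder, not a real host).
SAMPLE_RESPONSES = [
    make_response(25565, "TCP", 25565, "192.168.1.50", "game server"),
    make_response(8080, "TCP", 80, "203.0.113.5", "constructed injected entry"),
]

def parse_mapping(xml_text):
    """Extract the fields of one port-mapping entry from a SOAP response."""
    root = ET.fromstring(xml_text)
    field = lambda name: (root.findtext(f".//{name}") or "").strip()
    return {
        "external_port": int(field("NewExternalPort")),
        "protocol": field("NewProtocol"),
        "internal_port": int(field("NewInternalPort")),
        "internal_client": field("NewInternalClient"),
        "description": field("NewPortMappingDescription"),
    }

def is_suspicious(entry, lan_network):
    """A mapping is proxy-like when its target is not a host on our own LAN: the router
    would then relay traffic arriving from the internet straight back out to the internet."""
    client = ipaddress.ip_address(entry["internal_client"])
    return client not in ipaddress.ip_network(lan_network) or not client.is_private

def audit_mappings(responses, lan_network="192.168.1.0/24"):
    """Return the entries that forward outside the LAN. In a real audit the responses come
    from GetGenericPortMappingEntry with NewPortMappingIndex 0, 1, 2, ... until the device
    answers with UPnP error 713 (SpecifiedArrayIndexInvalid), i.e. the table is exhausted."""
    return [e for e in map(parse_mapping, responses) if is_suspicious(e, lan_network)]
```

Walking the whole table this way, from a machine inside the network, shows every forward the router currently holds, including ones no LAN device asked for.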