A security engineer named Yunus Çadirci discovered a flaw in this near-universal platform in December 2019. According to Çadirci, an attacker can send TCP packets to a remote system that contain a malformed response header value in the UPnP SUBSCRIBE function.
In a CallStranger attack, the attacker essentially targets the device’s internet-facing interface but executes the code on the device’s UPnP function, which typically runs only on the LAN side.
This malformed header can be abused to take control of any smart device left online that supports the UPnP protocols, such as security cameras, DVRs, printers, routers, and others.
Çadirci informed the OCF over the past year, and the organization has revised the UPnP protocols since his report. These changes to the UPnP protocols were officially released on April 17, 2020, and the CERT/CC team says, “as this is a protocol vulnerability, it may take quite some time for vendors to provide patches,” Çadirci stated, suggesting that firmware patches may be a long way off.
Çadirci says that attackers can use the CallStranger bug to bypass network security tools, circumvent encryption, and then search the organization’s corporate servers. Other possible attacks include DDoS attacks, in which the attacker bounces and amplifies TCP traffic off internet-reachable UPnP-enabled devices, and data exfiltration, in which the attacker extracts data from the internet-exposed UPnP device.
In addition, Çadirci has released proof-of-concept scripts that businesses can use to assess whether their smart devices are susceptible to any of the CallStranger attacks.
The CallStranger vulnerability is also tracked as CVE-2020-12695. There are reportedly about 5.45 million UPnP-enabled devices connected to the Internet, making them a suitable target for IoT botnets and APTs.
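On the detection side, a UPnP SUBSCRIBE request names its event delivery URL in the CALLBACK header, so a device or network sensor can refuse subscriptions whose callback does not point back at the requester. The sketch below is an added example, not part of the original article or Çadirci's scripts. It assumes a LAN prefix of 192.168.1.0/24 and a strict "callback must equal the source address" policy, and the sample requests are constructed.

```python
import ipaddress
import re
from urllib.parse import urlsplit

LAN = ipaddress.ip_network("192.168.1.0/24")  # assumption: the local segment

# Constructed (source IP, request) pairs; not captured traffic.
SAMPLES = [
    ("192.168.1.20", "SUBSCRIBE /event HTTP/1.1\r\nHOST: 192.168.1.1:49152\r\n"
     "CALLBACK: <http://192.168.1.20:8080/evt>\r\nNT: upnp:event\r\n\r\n"),
    ("203.0.113.9", "SUBSCRIBE /event HTTP/1.1\r\nHOST: 192.168.1.1:49152\r\n"
     "CALLBACK: <http://203.0.113.50:80/>\r\nNT: upnp:event\r\n\r\n"),
    ("192.168.1.20", "SUBSCRIBE /event HTTP/1.1\r\nHOST: 192.168.1.1:49152\r\n"
     "Callback: <http://192.168.1.20:8080/evt><http://192.168.1.77:22/>\r\n"
     "NT: upnp:event\r\n\r\n"),
]

def callback_urls(request):
    """Return the delivery URLs in a SUBSCRIBE request's CALLBACK header."""
    lines = request.replace("\r\n", "\n").split("\n\n", 1)[0].split("\n")
    if not lines[0].upper().startswith("SUBSCRIBE "):
        return []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().upper() == "CALLBACK":
            return re.findall(r"<([^<>]*)>", value)
    return []  # a renewal carries SID and no CALLBACK

def check_subscribe(src_ip, request):
    """List reasons this SUBSCRIBE should be rejected or alerted on."""
    src = ipaddress.ip_address(src_ip)
    urls = callback_urls(request)
    findings = []
    if urls and src not in LAN:
        findings.append(f"SUBSCRIBE from outside the LAN: {src}")
    for url in urls:
        try:
            target = ipaddress.ip_address(urlsplit(url).hostname or "")
        except ValueError:
            findings.append(f"callback host is not an IP literal: {url}")
            continue
        if target != src:
            findings.append(f"callback {target} is not the requester {src}")
    return findings

if __name__ == "__main__":
    for src, req in SAMPLES:
        print(src, check_subscribe(src, req) or "ok")
```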