The situation.

UPnP is a troublesome technology with problems dating back many years. What is UPnP?

For example, Gibson Research Corp have been providing testing software and procedures for years (originating in 2001) via their ShieldsUp! service.

Today (Jun 11th, 2020) Ars Technica provided details of another major hacking or attack exploiting this technology.

This new vulnerability called CallStranger (CVE-202-12695). discovered by a Turkish researcher, is just another in a long line of such vulnerabilities exploiting UPnP and it’s problems.

In 2013, 81 million devices were exploited. 100,000 routers exploited into a botnet in 2018. An additional 45,000 routers were used to spread the NSA exploits EternalRed and EternalBlue.

The Fix for UPnP problems.

Turn off UPnP

Fixing UPnP problems? They can be fixed; sort of!

For starters, Ars Technica in their article recommend using the F-Secure Router Checker. to check if your router and hence your network is exploitable. A list of known routers have been confirmed to be vulnerable are listed in Ars Technica’s article.

Along with F-Secure, I would suggest using the tools at GRC:

• GRC ShieldsUp!
• GRC UnPlug n’ Pray

The best solution is to turn UPnP off in your internet facing router. This is usually the router provided by your ISP.