Taking advantage of UPnP to be evil
pdp posted an interesting little article. He describes how he can take over a home router (like the kind someone might use with a cable modem) using a malicious Flash application and UPnP (Universal Plug and Play). Basically, all the user/victim has to do is load up a website with this particular Flash application embedded in it. Then the attacker can make whatever changes to the router he likes, such as disabling the firewall, forwarding ports to the outside, or even changing the DNS server.
As pdp states, this isn’t necessarily a bug, but rather an unintended consequence of the fact that UPnP does not require any authentication. I guess they figured that, since it only listens for multicast on the internal interface, it’s not a big deal. If you don’t actually need UPnP functionality, disabling it might be a good idea.
1 Comment so far

eugene, you’re awesome!