Flash Attack Could Turn Routers Into Zombies

Experts say online criminals could exploit UPnP to hijack routers
By Rob Quinn,  Newser Staff
Posted Jan 16, 2008 1:11 PM CST
Researchers say 99% of home routers are vulnerable to attackers using Flash and UPnP to hijack their routers. They recommend disabling UPnP, although this could make it difficult for non-technical users...   (KRT Photos)
camera-icon View 2 more images

(Newser) – Security experts have demonstrated how attackers could use Flash software and the Universal Plug and Play (UPnP) protocol to hijack their home routers, reports PC World. Users exposed to a malicious Flash file could have the servers they're trying to reach changed remotely and secretly, meaning a fraudster could redirect the user to phony bank or e-commerce websites even if they typed the right address into their browser.

If you're not a computer whiz, turning off UPnP on your router will make it difficult to use applications like instant messaging and Skype, but the experts said the extra security could be worth it if it can prevent routers being turned into "zombies." One expert disagreed, however, pointing out that criminals haven't even started using this kind of attack.