Exploiting UPnP Protocol for Botnet Propagation and Control
Download: Poster (PDF)
Date: 12 May 2017
Document Type: Presentations
Additional Documents: Paper
Associated Event: NDSS Symposium 2017
With the development of Internet of Things (IoT), various devices connect to the Internet, which also bring us new security risks. To date, most research workers in the IoT security field focus on analyzing the weakness of devices from communication, configuration, backdoor and system vulnerability. However, with the increase of devices and protocol types, large-scale controlling is becoming more difficult. To change this situation, we studied the communication technology among devices and determined that the Universal Plug and Play (UPnP) protocol has the ability to identify IoT devices and distribute commands. Consequently, we propose an UPnP-based botnet, implementing bot propagation and control by exploiting the UPnP protocol. Moreover, we set up a re-infection mechanism to enhance the resilience. In general, the botnet, which has good accuracy in device discovery and status monitoring, is efficient and stable. The results of preliminary experiments indicate that our approach can be supported by the standardized parameters and protocol features of UPnP devices.