Exploiting UPnP Protocol for Botnet Propagation and Control

Author(s): Di Wu, Binxing Fang, Xiang Cui, Chaoge Liu

Download: Poster (PDF)

Date: 12 May 2017

Document Type: Presentations

Additional Documents: Paper

Associated Event: NDSS Symposium 2017

Abstract:

With the development of Internet of Things (IoT), various devices connect to the Internet, which also bring us new security risks. To date, most research workers in the IoT security field focus on analyzing the weakness of devices from communication, configuration, backdoor and system vulnerability. However, with the increase of devices and protocol types, large-scale controlling is becoming more difficult. To change this situation, we studied the communication technology among devices and determined that the Universal Plug and Play (UPnP) protocol has the ability to identify IoT devices and distribute commands. Consequently, we propose an UPnP-based botnet, implementing bot propagation and control by exploiting the UPnP protocol. Moreover, we set up a re-infection mechanism to enhance the resilience. In general, the botnet, which has good accuracy in device discovery and status monitoring, is efficient and stable. The results of preliminary experiments indicate that our approach can be supported by the standardized parameters and protocol features of UPnP devices.