Posted by - November 21, 2018

It is becoming increasingly common for people to have their home devices interconnected via Universal Plug and Play (UPnP) due to the added convenience it brings to completing daily tasks such as dimming the lights or picking your playlist while you clean the house. Unfortunately, many people remain unaware of the dangers of not securing these devices. As a result, their devices are vulnerable to botnets, which are collections of devices infected with a common type of malware that are being controlled by a cybercriminal remotely, usually to distribute spam email.

A recent article discusses a recently discovered botnet that has been actively infiltrating around 100,000 home routers per day this past month and is using them to distribute spam messages. The BCUMUPnP_Hunter botnet, which has been growing in strength, exploits a 5-year-old UPnP vulnerability found in many familiar branded router models including CenturyLink, Linksys, NetComm, Technicolor and a few more. According to researchers, the exploitation of this vulnerability could have been avoided had the vendors issued a security update to the users and in turn the users installed the latest update onto their routers. While it is not yet known whether a security update was issued for the infected devices, consumers should beware of IoT devices that are not offered with security patches and updates. If you are using an IoT device that does not offer updates, it may be best to disable the UPnP setting to avoid being exploited by malicious botnets, and if you are using one that does offer updates, be sure to stay on top of them.

If you have any questions or concerns about the security of your IoT devices, OptfinITy is here to answer them. Feel free to give us a call at 703-790-0400, send us an email at, or visit our website at to learn more about securing your IoT devices or any other security concerns you may have related to your technology.

Leave a Reply

Your email address will not be published. Required fields are marked *