UPnP flaws expose tens of millions of networked devices to remote attacks, researchers say

Researchers from Rapid7 found severe vulnerabilities in UPnP libraries used in thousands of products

By Lucian Constantin, IDG News Service |  Networking

ISPs were advised to push configuration updates or firmware updates to subscriber devices in order to disable UPnP capabilities or to replace those devices with others that are configured in a secure manner and don't expose UPnP to the Internet.

"Home and mobile PC users should ensure that the UPnP function on their home routers and mobile broadband devices has been disabled," the researchers said.

In addition to making sure that no external-facing device exposes UPnP to the Internet, companies were advised to perform a careful review of the potential security impact of all UPnP-capable devices found on their networks -- networked printers, IP cameras, storage systems, etcetera -- and consider segmenting them from the internal network until a firmware update is available from the manufacturer.

Rapid7 released a free tool called ScanNow for Universal Plug and Play, as well as a module for the Metasploit penetration testing framework, that can be used to detect vulnerable UPnP services running inside a network.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

NetworkingWhite Papers & Webcasts

See more White Papers | Webcasts

Answers - Powered by ITworld

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question