U.S. government warns of hack threat to network gear article tells that The Department of Homeland Security urged computer users on Tuesday to to disable a feature known as Universal Plug and Play or UPnP because new security bugs were initially brought to the attention of the government by computer security company Rapid7.
UPnP is designed to make networked devices more easily accessible over the open Internet. That’s where the problem is. UPnP often eliminates the hassle of figuring out how to configure devices the first time they’re connected. But UPnP can also make life easier for attackers half a world away who want to compromise a home computer or breach a business network, according to a white paper published by researchers from security firm Rapid7.
Researchers find millions of vulnerable Net-facing printers, cams, and routers. Due UPnP and some other issues eighteen brands of security camera digital video recorders (DVRs) are vulnerable to an attack that would allow a hacker to remotely gain control of the devices (58000 of the hackable video boxes connected to Internet). People who own devices with UPnP enabled may not be aware of it because new routers, printers, media servers, Web cameras, storage drives and “smart” or Web-connected TVs are often shipped with that functionality turned on by default.
Rapid7 identified 6,900 products sold by 1,500 separate vendors that contained at least one UPnP vulnerability. The company said it discovered between 40 million and 50 million devices that were vulnerable to attack due to three separate sets of problems.
To prevent hacking, disable Universal Plug and Play now. Make sure your router is locked down without UPnP holes. Disable UPnP on Internet routers to prevent your potentially hackable device from making itself accessible from external connections. There is going to be a lot more research on this. Simple targets such as home routers now become targets of greater interest.