Security Alert: Disable Universal Plug and Play Now
February 2nd, 2013
There are multiple security issues with Universal Plug and Play (UPnP) implementations, some of which have been known for years. (For those who aren’t familiar with UPnP, it’s a protocol that makes it easier to set up network devices. For example, it allows a PC to seamlessly connect with a new network printer.) Security researchers at Rapid7 performed tests to determine just how many Internet-connected systems were vulnerable, and the results were staggering—they found 81 million unique IP addresses that had at least one of the vulnerabilities, which comes out to about 40-50 million devices.
The vulnerabilities allow hackers to either crash the device or run arbitrary code. At first this may not seem like a big issue—I mean, who really cares if someone manages to hack your network scanner? But then if you think about it, what if they make copies of everything you scan and send them to a central server in Russia? Or what if your printer is hacked and they start printing spam? Or if they just decide to see how many devices they can bring down across the world?
You may be wondering, what does this mean for people like you and me? Most home users can safely ignore UPnP vulnerabilities on every network device except the Internet router/modem, provided the router’s firewall is enabled. But you will need to lock down the router. I was able to access my Actiontec router and quickly disable UPnP in the advanced settings. If you don’t know how to do this, I suggest contacting your ISP for help, or, if you purchased the router from a store, contact the manufacturer.
This web page will test your router and determine if it’s vulnerable. There’s also a free Windows program, ScanNow, that will check your local network to see which devices are affected. If you find one, the best thing to do is check the manufacturer’s website for firmware updates, although this may not fix the problem.
The linked white paper has technical details, as well as links to documents that list every vulnerable device. (These links are on the last page.)
Link #1: http://arstechnica.com/…
Link #2 (white paper): https://community.rapid7.com/…