Home page logo
/

isn logo Information Security News mailing list archives

Unplug Universal Plug And Play: Security Warning
From: InfoSec News <alerts () infosecnews org>
Date: Thu, 31 Jan 2013 03:06:17 -0600 (CST)

http://www.informationweek.com/security/vulnerabilities/unplug-universal-plug-and-play-security/240147226

By Mathew J. Schwartz
InformationWeek
January 29, 2013

More than 23 million Internet-connected devices are vulnerable to being exploited by a single UDP packet, while tens of millions more are at risk of being remotely exploited.

That warning was issued Tuesday by vulnerability management and penetration testing firm Rapid7, which said its researchers spent six months studying how many universal plug and play (UPnP) devices are connected to the Internet -- and what the resulting security implications might be. The full findings have been documented in a 29-page report, "Security Flaws In Universal Plug and Play."

"The results were shocking, to the say the least," according to a blog post from report author HD Moore, chief security officer of Rapid7 and the creator of the open source penetration testing toolkit Metasploit. "Over 80 million unique IPs were identified that responded to UPnP discovery requests from the Internet."

UPnP is a set of standardized protocols and procedures that are designed to make network-connected and wireless devices easy to use. Devices that use the protocol -- which is aimed more at residential users rather than enterprises -- include everything from routers and printers to network-attached storage devices and smart TVs.

[...]


______________________________________________
Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!
http://www.shopinfosecnews.org

  By Date           By Thread  

Current thread:
  • Unplug Universal Plug And Play: Security Warning InfoSec News (Jan 31)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault