While I'm normally all for flashy and funny introductions, there is no time here. A security study performed by Rapid 7, a security community, found that there are 40-50 million UPnP (Universal Plug and Play) devices with massive security flaws. UPnP allows devices such as routers or smart TVs to communicate with one another wirelessly, which then enables you to share your files with anyone authorized on the network etc. This can be great for a large house or office where it is important that everyone has quick and easy access to files. UPnP can also enable your smart devices to sync to one another, allowing you to control your television remotely, and so on. These are all convenient and great features; however, according to a study published by Rapid 7 today, many of these devices can be accessed too easily ¬- from the internet.
Rapid 7 sent numerous simple service discovery protocols (SSDP), which are usually used by your system to find a new UPnP enabled device on your network. What they ended up finding was that 2.2 percent of all public IPv4 addresses showed up. This may sound like a small number, but rest assured, it is not. This equates to about 81 million unique IP addresses, all tied to different people. With these addresses, and the security flaws present in some older UPnP devices, it would be possible for a hacker to not just look at your public photos and files, but also obtain extremely personal and compromising information.
There are software and firmware updates available for many newer devices which can negate this risk, however, many devices are considered too old and will not be supported. This is not limited to your grandma's ten year old dial up modem, but some devices that may only be a year old. If you are unsure, as most of us probably are, Rapid 7 has released a tool which can tell you if your UPnP devices are at risk or not. If you are at risk, rest assured that all hope is not lost, as you can still disable the UPnP functions on your devices if you are at risk.
If you are indeed at risk, or simply want to be safe, and on Windows 7, disabling your UPnP services is rather simple. Click the "start" button at the bottom left corner of your screen, go to the search box, and type in "services.msc." You will then look for "UPnP Device Host." Stop that service, then click the "disable" button. If you are on Windows 8 the instructions are a bit lengthier, and will be linked at the bottom of the page, just look for the E-how article.
While this is all very frightening, it is nothing to panic about. Stay calm, scan your devices, and disable UPnP if needed. You are likely safe for now, but getting on top of this issue now is absolutely paramount if you want to STAY safe. If you are a business owner and in need of cybersecurity, I would highly recommend contacting Leonard-McDowell about purchasing ePArmor, a provider of cutting edge security solutions. This is especially important with the discovery of such a massive security loophole being present in such a massively popular type of device. As always, stay safe.
If you are unsure about the safety of your UPnP enabled devices, run Rapid 7's tool and find out, here.
For details on disabling UPnP features in Windows 8, please head over to this ehow article which covers it in great detail.
If you are interested in reading the full Rapid 7 report, you can find it here.
|< Prev||Next >|