Universal Plug And Play Flaw Impacts Millions of Devices

By Robert Westervelt
January 31, 2013 10:00 AM ET

A protocol standard designed to make it easy to integrate routers, printers, IP cameras and millions of other network-enabled devices contains a number of weaknesses that can expose networks to attack.

The United States Computer Emergency Readiness Team (US-CERT) is warning about weaknesses in the Universal Plug and Play protocol, following a research paper issued by Rapid7 that identified protocol vulnerabilities and configuration errors. Rapid7 found that of 81 million UPnP-enabled devices exposed to the Internet, about 20 percent -- or more than 16 million devices -- allow an attacker to target systems behind the firewall.

HD Moore, the creator of the Metasploit penetration tool and chief security officer of Rapid7, found the errors during a laborious project that included nearly six months of actively scanning the Internet.

"Authentication is rarely implemented by device manufacturers, privileged capabilities are often exposed to untrusted networks, and common programming flaws plague common UPnP software implementations," Moore wrote in a paper outlining the UPnP problems. "These issues are endemic across UPnP-enabled applications and network devices."

The issue impacts more than 1,500 vendors and 6,900 products, according to the report. UPnP support is enabled by default on Windows, Mac and many distributions of Linux. Up to 30 UPnP-enabled device makers, including Cisco Systems, Fujitsu, Huawei, Motorola and Sony, have issued updates this week to repair the errors.

Organizations should replace systems that do not provide the ability to disable this protocol, Moore said in the report. Consumers should also take action, ensuring that the UPnP function is disabled on home routers and mobile broadband devices. "Unfortunately, the realities of the consumer electronics industry will leave most systems vulnerable for the indefinite future," he said.

Numerous vulnerabilities in the UPnP protocol have been discovered by security researchers over the past decade and have been the subject of presentations at Defcon and Black Hat hacker conferences.

PUBLISHED JAN. 31, 2013

To continue reading this article, please download the free CRN Tech News app for your iPad or Windows 8 device.

Related: Videos | Slide Shows | Comments

SHARE THIS ARTICLE

More Security

Comments by Vanilla

Recent Articles

	10 Security Companies That Have Scored CIA Funding CIA-funded venture firm invests millions in technology startups, mostly security firms. Find out which security companies won In-Q-Tel funding.
	Head-To-Head: Symantec Vs. McAfee In Endpoint Protection McAfee and Symantec are archrivals with a firm grip on the North American security market. CRN pits both vendors' endpoint security products against each other and names a winner.
	The 8 Steps Behind The Massive $45M Cyber Bank Heist More than $45 million was stolen from banks in the U.S. and 19 other countries in a scheme that law enforcement is calling an international conspiracy to drain millions from bank accounts using stolen debit cards and PIN numbers. Here's how they did it.
	More Slide Shows