29 Jan 2013
Security issues in a widely used suite of network protocols known as uPnP (Universal Plug-and-Play) could expose millions of devices to attacks, even without their users’ intervention.
According to the findings of Metasploit-maker Rapid7, 16 million IP addresses of the 81 million in the survey expose UPnP to the internet, making them a viable target for cyber-criminals even though they are firewalled.
UPnP is a discovery, notification and control protocol that allows devices such as routers, IP cameras, storage systems, and media servers (including smart TVs). It is widely used to facilitate communication between network devices and provide zero configuration for accessing services of network printers, for instance. While its use is beneficial inside the network, exposure of UPnP over the internet can give cyber-criminals everything they need to leverage an attack behind the firewall.
“The UPnP protocol suffers from a number of basic security problems, many of which have been highlighted over the last twelve years. Authentication is rarely implemented by device manufacturers, privileged capabilities are often exposed to untrusted networks, and common programming flaws plague common UPnP software implementations,” reads the Rapid7 advisory.
The Portable UPnP API was fixed earlier today, but since the SDK is part of a variety of products, its implementation in firmware for network devices depends on each manufacturer. Special attention should be paid when using network gear that has been phased out and support has been discontinued, as vendors are highly unlikely to provide patches.