IEEE Computer Society Newsfeed

Subscribe RSS

« Back

Researchers Discover Vulnerabilities in Plug-and-Play Systems

Security researchers have discovered that, of devices at more than 80 million unique IP addresses responding to Universal Plug and Play discovery requests, between 40 and 50 million of them are vulnerable to attack via UPnP. Although security problems with the protocol have been well known for at least a dozen years, the issues put networks at risk and the research served to quantify the extent of the issue. UPnP is a set of networking protocols that let routers, printers, network-attached storage, media players, smart TVs and other devices seamlessly communicate. The researchers from security-software vendor Rapid 7 said they discovered more serious problems than they expected when they began their study. For example, they found that the most commonly used software stack used by the Universal Plug and Play protocol to control the device is also the most vulnerable. (SlashDot)(ThreatPost)(Rapid7)

Trackback URL: