UPnP flaws expose 50 million devices to attack, researchers find

Home users urged to disable protocol on routers


Millions of consumer devices using the ubiquitous Universal Plug and Play (UPnP) protocol, including routers, printers, media servers and webcams, are vulnerable to a cocktail of dangerous security vulnerabilities, pen-testing outfit Rapid7 has discovered.

UPnP’s security raggedness is not exactly news, but the scale of the problems discovered by Rapid7 in a five-month research exercise between June and November 2012 should still be a wake-up call.

UPnP is designed for use inside home networks to allow easy discovery and communication between devices, yet the company was still able to find 81 million external IP addresses that responded to UPnP SSDP probes, 17 million of which also exposed communication via Simple Object Access Protocol (SOAP) that can allow web access behind a firewall.

The researchers were able to identify 6,900 product versions from 1,500 vendors that were vulnerable to at least one flaw, equivalent to possibly as many as 50 million vulnerable IPs.

All told, 23.6 million were open to up to eight remote code execution vulnerabilities connected to the Portable UPnP SDK (now the open source libupnp SDK), developed as far back as 2001 by Intel, including one flaw discovered by Rapid7 during its research.

“For the reasons outlined above, we strongly suggest that end users, companies, and ISPs take immediate action to identify and disable any internet-exposed UPnP endpoints in their environments,” said Rapid7’s HD Moore.

“UPnP is pervasive - it is enabled by default on many home gateways, nearly all network printers, and devices ranging from IP cameras to network storage servers.”

The SDKs could lie at the heart of the problem; only four of them, including Intel’s, accounted for 73 percent of the UPnP systems the firm was able to discover, a risky lack of diversity.

What Rapid7 and Moore have uncovered is a bit of a software mess; millions of devices exposed to attackers, and a large number of those vulnerable to known flaws that will likely never be fixed.

The problem is that devices have a short shelf life before they become obsolete, and many are never updated.

Where updates were impossible, Moore recommended segmentation: “If the UPnP service cannot be disabled and the vendor does not have an update, it may be prudent to segment the device from the rest of the network.”

Home users should make sure that UPnP was disabled on home and mobile broadband routers.

Windows users could download the free and simple ScanNow tool to check for vulnerable endpoints, he said, while Mac and Linux users could try the more complicated Metasploit.

As to which products are affected, three lists have been published: products affected by the UPnP SOAP issue, products affected by the Intel Portable UPnP SDK flaws, and products using a third SDK with problems, MiniUPnP.
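
One way to take the inventory Moore recommends on a network you administer, as an added example that is not part of the original article or Rapid7's tooling: it multicasts a standard SSDP M-SEARCH on the local segment and groups repliers by SDK family from the SERVER header. The function names, the constructed sample reply and the SERVER-string patterns are assumptions.

```python
import re
import socket

SSDP_GROUP = ("239.255.255.250", 1900)  # standard SSDP multicast address and port
M_SEARCH = ("M-SEARCH * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n"
            'MAN: "ssdp:discover"\r\nMX: 2\r\nST: upnp:rootdevice\r\n\r\n').encode()
# Constructed sample reply (not captured from a real device).
SAMPLE = (b"HTTP/1.1 200 OK\r\nLOCATION: http://192.168.1.1:49152/gatedesc.xml\r\n"
          b"SERVER: Linux/2.6.30, UPnP/1.0, Portable SDK for UPnP devices/1.6.6\r\n\r\n")
# SDK families named in the article; the SERVER tokens are assumed common forms.
SDK_PATTERNS = {
    "Portable SDK for UPnP (libupnp / Intel)": re.compile(
        r"(?:Portable|Intel) SDK for UPnP devices\s*/\s*([\w.]+)", re.I),
    "MiniUPnP": re.compile(r"MiniUPnPd\s*/\s*([\w.]+)", re.I),
}

def parse_ssdp_response(data: bytes) -> dict:
    """Return the headers of one SSDP reply, lower-cased ({} if not a 200)."""
    head, *rest = data.decode("latin-1").split("\r\n")
    if not head.upper().startswith("HTTP/1.1 200"):
        return {}
    pairs = (line.partition(":") for line in rest)
    return {n.strip().lower(): v.strip() for n, sep, v in pairs if sep}

def classify_sdk(server_header: str):
    """Map a SERVER header to (family, version); ("unknown", None) if no match."""
    for family, pattern in SDK_PATTERNS.items():
        m = pattern.search(server_header)
        if m:
            return family, m.group(1)
    return "unknown", None

def discover(timeout: float = 3.0):
    """Multicast one M-SEARCH locally; yield (ip, family, version, location)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(M_SEARCH, SSDP_GROUP)
        try:
            while True:
                data, (ip, _port) = s.recvfrom(4096)
                h = parse_ssdp_response(data)
                if h:
                    yield (ip, *classify_sdk(h.get("server", "")), h.get("location"))
        except socket.timeout:
            return

if __name__ == "__main__":
    h = parse_ssdp_response(SAMPLE)  # offline demo on the constructed reply
    print(classify_sdk(h["server"]), h["location"])
```

Calling `discover()` from a host on the LAN lists every device that answers SSDP there; any device that appears is a candidate for disabling UPnP or for segmentation.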

