April's top threat: Universal Plug and Play vulnerabilities

By

Attackers execute arbitrary code.

What is it? 

April's top threat: Universal Plug and Play vulnerabilities

Security vulnerabilities have been discovered in Universal Plug and Play (UPnP), which lets network-enabled devices communicate with each other.

How does it work?

The flaws in UPnP Simple Service Discovery Protocol (SSDP), UPnP HTTP and Simple Object Access Protocol (SOAP) can be exploited by attackers to crash the service and execute arbitrary code. The SOAP vulnerabilities also expose private networks to attacks and data leaks. In some cases, attackers can get past the firewall to launch an attack on connected machines.

Should I be worried?

New research has shed light on the endemic extent of the vulnerabilities. It shows that 40-50 million UPnP-enabled devices are exposed to the internet and vulnerable to attack via these flaws. The possibility is that you could be affected.

How can I prevent it? 

UPnP should be disabled from all external-facing and/or critical devices. Users are encouraged to scan their networks for vulnerable UPnP services.

This article originally appeared at scmagazineus.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound

Log In

  |  Forgot your password?