I hope you enjoy reading this blog post.

If you want my team to just do your IT services for you, click here.

UPnP devices are a security risk

by | 0 comments

The security of a company’s networks and devices is a common issue many managers and owners face. There are a near constant stream of new threats brought to light, some of which are more important than others. The majority of the time these threats are to the software, but a recent one is hardware based and puts millions of systems at risk.

At the end of January, numerous news and tech media services issued warnings about UPnP (Universal Plug and Play) enabled devices. This was taken to be a big issue because of the widespread adoption of these devices and the fact that many of them have little to no security measures, which could open whole systems to attacks. Many business owners and managers are wondering what exactly is UPnP and how it can open systems to attack.

UPnP defined
UPnP is a protocol or code that allows networked devices like laptops, computers, Wi-Fi routers, and many modern mobile devices, to search for and discover other devices connected to, or wanting to connect to, the same network. This protocol also allows these devices to connect to one-another and share information, Internet connection and media.

A good example of UPnP in use is your laptop. When you first connect your laptop to your router, you likely have to enter a password and maybe even the router’s network name. Without UPnP you would have to find the network and enter the password each time you want to connect to the Internet. With UPnP, your laptop can automatically connect whenever it’s in range.

Why is UPnP a security threat?
UPnP has been in use for the better part of seven years and has since come to be found in nearly every device that connects to the Internet – pretty much everything. While it was written for devices in the home e.g., Wi-Fi routers, many businesses also use these devices because they are often easier to set up and cost less than their enterprise counterparts.

Because of the sheer number of devices that use this protocol, and the fact that it’s engineered to respond to any request to connect to the device, it makes sense that this could be a security issue. A recent study tested the security of UPnP and revealed some interesting results.

Rapid7, the company that conducted the study, sent UPnP discovery requests to every routable IPv4 address. – IPv4 (Internet Protocol version 4) is a set of protocols for sending information from one computer to another on the Internet. A routable IPv4 address is one that can be contacted by anyone on the Internet. They found that over 80 million addresses used UPnP, and 17 million of these exposed the protocol that enables easy connection to the system or device. This can be easily exploited by hackers.

In other words, 17 million systems, many of which could be businesses, are open to attack through the UPnP device. This security threat opens networks to denial-of-service attacks which make resources, including the Internet, unavailable to the user. One example of a popular denial-of-service attack is a hacker making your website unavailable to others.

Can we do anything?
Most experts are recommending that you disable UPnP on your networked devices. The first thing you should do however is to conduct a scan for vulnerable UPnP devices on your network. Tools like ScanNow (for Windows) can help you search. For many, this is a daunting prospect, as the chance of creating more issues is just too great.

We recommend contacting an expert like ourselves, who can conduct a security analysis and advise you on steps you can take to ensure you are secure. So, if you are worried about the security of your systems, give us a call today. We may have a solution for you.

Published with permission from TechAdvisory.org. Source.

Written by

Varay

About

Our blog provides actionable IT insights that empower you to enhance your company today. Keep up to date with the latest business technology, cybersecurity practices, and more by subscribing below!

Subscribe

Partner with Varay for IT Excellence and Business Growth!

Get In Touch

Partner with Varay or IT Excellence and Business Growth!

Your path to enhanced services and business growth starts here. Act now to elevate your IT experience with Varay!