[ISN] Unplug Universal Plug And Play: Security Warning

http://www.informationweek.com/security/vulnerabilities/unplug-universal-plug-and-play-security/240147226 By Mathew J. Schwartz InformationWeek January 29, 2013 More than 23 million Internet-connected devices are vulnerable to being exploited by a single UDP packet, while tens of millions more are at risk of being remotely exploited. That warning was issued Tuesday by vulnerability management and penetration testing firm Rapid7, which said its researchers spent six months studying how many universal plug and play (UPnP) devices are connected to the Internet — and what the resulting security implications might be. The full findings have been documented in a 29-page report, “Security Flaws In Universal Plug and Play.” “The results were shocking, to the say the least,” according to a blog post from report author HD Moore, chief security officer of Rapid7 and the creator of the open source penetration testing toolkit Metasploit. “Over 80 million unique IPs were identified that responded to UPnP discovery requests from the Internet.” UPnP is a set of standardized protocols and procedures that are designed to make network-connected and wireless devices easy to use. Devices that use the protocol — which is aimed more at residential users rather than enterprises — include everything from routers and printers to network-attached storage devices and smart TVs. […] ______________________________________________ Visit the InfoSec News Security Bookstore Best Selling Security Books and More! http://www.shopinfosecnews.org