On January 29, the Department of Homeland Security issued a warning to computer users recommending they disable a networking feature that hackers have learned to exploit. The exposed security flaw could leave tens of millions of devices vulnerable to malicious attacks.
Universal Plug and Play (UPnP), in addition to several related features, could be leaving devices such as computers and printers accessible over the Internet. The U.S. Government's Computer Emergency Readiness Team advised users to disable UPnP in order to better protect their devices.
UPnP is a communications protocol designed to make it easy for users to set up networks by allowing networks to readily identify and communicate with equipment. However, many users are not aware of this security loophole, and hackers will likely have a “field day,” according to Dave Marcus, once the flaw is exposed.
Chief architect of advanced research and threat intelligence with Intel's (News - Alert) McAfee unit, Dave Marcus explained that, “Historically, these are amongst the last to be updated and protected properly which makes them a gold mine for potential abuse and exploitation.”
Marcus is also a networking security consultant for the government and private corporations.
Fortunately for computer users, disabling the UPnP feature will have little effect on their devices.
A computer security firm in Boston, Rapid7, was the first to alert the government of the potential security threat this week. Rapid7 said they discovered between 40 and 50 million devices vulnerable to hacker exploits thanks to problems they identified with the current UPnP standard.
Breaches in network security are highly serious because they can allow unauthorized persons to access networks where they can access files, use printers, or even take full control of a computer.
Rapid7's chief technology officer commented that, “This is the most pervasive bug I've ever seen,” and the company has reported it to CERT, a group that helps researchers report vulnerabilities. The bug affects routers from more than 200 companies, including prominent networking firms such as Belkin, D-Link (News - Alert), Cisco, Linksys and Netgear.
Linksys was reportedly aware of the problem and recommended that users visit their website to disable UPnP.
Because it will take time for manufacturers to releases fixes for the bug, Rapid7 has released a free app to help users identify and repair vulnerable equipment.
Want to learn more about the latest in communications and technology? Then be sure to attend ITEXPO Miami 2013, happening now in Miami, Florida. Stay in touch with everything happening at ITEXPO (News - Alert). Follow us on Twitter.
Edited by Braden Becker