UPnP: Unplug, Don't Play

Grendel
3d Pro Master
Posts: 4390
Joined: Mon Oct 28, 2002 3:01 am
Location: Corvallis OR, USA

UPnP: Unplug, Don't Play

Post by Grendel »

Whitepaper: Security Flaws in Universal Plug and Play: Unplug, Don't Play.
This whitepaper details research conducted by Rapid7, which reveals that around 40-50 million network-enabled devices are at risk due to vulnerabilities found in the Universal Plug and Play (UPnP) protocol. UPnP enables devices such as routers, printers, network-attached storage (NAS), media players and smart TVs to communicate with each other. The paper investigates how three groups of security flaws relating to the UPnP protocol are exposing millions of users to attacks that could lead to a remote compromise of the vulnerable device.

We strongly recommend that people check whether they may be vulnerable and, if so, disable the UPnP protocol in any affected devices. Further details on mitigation strategies are included in the executive summary section at the front of the attached whitepaper. The document also includes details on the methodology of the research, a breakdown and analysis of the findings, and insights into the implications.
See also Rapid7 blog and US-CERT.
BUBBALOU
DBB Benefactor
Posts: 4198
Joined: Tue Aug 24, 1999 2:01 am
Location: Dallas Texas USA

Re: UPnP: Unplug, Don't Play

Post by BUBBALOU »

SPLOITZ!

Turn off UPnP on your router and block any negotiations (most routers)
For external use only - intranet protocols are still active

Or

For those routers that block both internal and external UPnP protocols

If you are into streaming DLNA (Apple TV/Xbox) and such

At the minimum block external router ports

UDP port 1900 and TCP port 2869

I seem to have a better workout dodging your stupidity than attempting to grasp the weight of your intelligence.
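Both posts above come down to one practical question: does something on (or in front of) your network answer SSDP on UDP 1900? The following is an added example, not code from either poster or from the Rapid7 whitepaper. It builds the SSDP M-SEARCH request that UPnP discovery uses, parses the HTTPU reply, and pulls out the SERVER banner (which names the UPnP stack and version the device runs) and the LOCATION URL of the device description. Run it against 239.255.255.250 to sweep the LAN, or against a single address to probe one host. The sample reply, the 192.0.2.1 address and the "ExampleStack" banner are constructed for illustration and are not real device data. Note the caveat: a LAN sweep that gets answers only tells you UPnP is on; to verify the external block BUBBALOU describes, run the probe against your public IP from a host outside your network, where a reply on UDP 1900 means the WAN side is still exposed.

```python
"""ssdp_probe.py: send an SSDP M-SEARCH and report what answers (added example, not from the thread)."""
import re
import socket
import sys
from typing import Dict, List, Optional

SSDP_MCAST = "239.255.255.250"
SSDP_PORT = 1900


def build_msearch(target: str = "ssdp:all", mx: int = 2,
                  host: str = f"{SSDP_MCAST}:{SSDP_PORT}") -> bytes:
    """Build an SSDP M-SEARCH request (HTTP-over-UDP, as used by UPnP discovery)."""
    lines = [
        "M-SEARCH * HTTP/1.1",
        f"HOST: {host}",
        'MAN: "ssdp:discover"',   # mandatory extension header; value is quoted per the spec
        f"MX: {mx}",              # max seconds a responder may wait before replying
        f"ST: {target}",          # search target; ssdp:all asks every service to answer
        "", "",
    ]
    return "\r\n".join(lines).encode("ascii")


def parse_ssdp_response(raw: bytes) -> Optional[Dict[str, str]]:
    """Parse an SSDP reply into lower-cased headers; return None unless it is an HTTP 200 reply."""
    text = raw.decode("utf-8", errors="replace")
    head, _, _ = text.partition("\r\n\r\n")
    lines = head.split("\r\n")
    if not lines or not re.match(r"HTTP/1\.[01] 200", lines[0]):
        return None  # NOTIFY announcements and error replies are not discovery answers
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def summarize(headers: Dict[str, str]) -> Dict[str, str]:
    """Keep the fields an auditor cares about: stack banner, description URL, service type, USN."""
    return {
        "server": headers.get("server", ""),
        "location": headers.get("location", ""),
        "st": headers.get("st", ""),
        "usn": headers.get("usn", ""),
    }


def probe(address: str, timeout: float = 3.0) -> List[Dict[str, str]]:
    """Send one M-SEARCH to `address` (multicast or unicast) and collect every responder."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
    sock.settimeout(timeout)
    if address == SSDP_MCAST:
        sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 2)
    sock.sendto(build_msearch(host=f"{address}:{SSDP_PORT}"), (address, SSDP_PORT))
    results: List[Dict[str, str]] = []
    try:
        while True:  # keep reading until the socket times out; many devices answer once per service
            data, (ip, _) = sock.recvfrom(65535)
            parsed = parse_ssdp_response(data)
            if parsed:
                entry = summarize(parsed)
                entry["ip"] = ip
                results.append(entry)
    except socket.timeout:
        pass
    finally:
        sock.close()
    return results


# Constructed sample reply (not captured from a real device) so the parser can be exercised offline.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"CACHE-CONTROL: max-age=1800\r\n"
    b"ST: upnp:rootdevice\r\n"
    b"USN: uuid:00000000-0000-0000-0000-000000000000::upnp:rootdevice\r\n"
    b"EXT:\r\n"
    b"SERVER: Example/1.0 UPnP/1.0 ExampleStack/0.1\r\n"
    b"LOCATION: http://192.0.2.1:49152/rootDesc.xml\r\n"
    b"\r\n"
)

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else SSDP_MCAST
    for hit in probe(target):
        print(f"{hit['ip']:<15} {hit['st']:<28} {hit['server']}  {hit['location']}")
```

The SERVER banner is the first thing to check against the whitepaper's list of affected UPnP stacks; if your device answers with no banner at all, fall back to fetching the LOCATION URL, whose XML usually repeats the vendor and model.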