The U.S. Department of Homeland Security has issued a warning of a serious threat to networking devices, such as scanners, printers, computers and routers. Approximately 40 to 50 million devices worldwide are vulnerable to infiltration by hackers as a result of a flaw in a networking protocol.
UPnP, also known as Universal Plug and Play, allows devices that connect to networks to communicate seamlessly with one another and discover each other's presence in order to share files, print documents and access other shared resources.
Homeland Security is now concerned that the vulnerability could impact millions of machines, and warns users to update their software or disable UPnP altogether. Unfortunately it is not a simple fix, operating system makers—such as Apple and Microsoft—must create patches. It has already been found that over 1,500 vendors and 6,900 products identified were vulnerable, including products from vendors such as Belkin, D-Link, Linksys and Netgear.
The researchers found that there are numerous bugs with the UPnP protocol, which could ultimately put at risk tens of millions of networked devices—especially those connected directly to the Internet. It is now being suggested to "disable UPnP (if possible)," along with restricting networking protocols and ports, including Simple Service Discovery Protocol (SSDP) and Simple Object Access Protocol (SOAP) services from untrusted networks, including the Internet.
The concern is that hackers could "execute arbitrary code on the device or cause a denial of service," or in other words: install malware on your computer and/or run it as part of a botnet. Along with this, hackers could access confidential documents, steal usernames and passwords, take over PCs, and remotely access networked devices, such as webcams, printers, televisions, security systems, and other devices plugged in or wirelessly connected to networks. Most networking devices use UPnP, including computers running Windows, Apple's OS X, and Linux as well as many mobile devices use UPnP to print to wireless or networked printers.
Obviously and unfortunately, this problem is very technical in nature. Most computer users will have trouble dealing with this issue. If you are technical, the directions for disabling UPnP on Windows systems is as follows:
Go to Services and stop and disable the “SSDP Discovery Service”. This service is responsible for UPnP (you will also notice another service called UPnP Device Host – which likely won’t be running and has nothing to do with UPnP Discovery, which is where the vulnerability is).
If you do not consider yourself to be technical, be sure to call or visit a professional computer repair technician to discuss this issue.