Homeland Security Warns that Millions Could be at Risk

The US government is warning to disable a common networking feature after bugs were discovered that leaves millions of hardware devices vulnerable to attacks by hackers and malware.

The U.S. Department of Homeland Security has issued a warning of a serious threat to networking devices, such as scanners, printers, computers and routers. Approximately 40 to 50 million devices worldwide are vulnerable to infiltration by hackers as a result of a flaw in a networking protocol.

UPnP, also known as Universal Plug and Play, allows devices that connect to networks to communicate seamlessly with one another and discover each other's presence in order to share files, print documents and access other shared resources.

Homeland Security is now concerned that the vulnerability could impact millions of machines, and warns users to update their software or disable UPnP altogether. Unfortunately it is not a simple fix, operating system makers—such as Apple and Microsoft—must create patches. It has already been found that over 1,500 vendors and 6,900 products identified were vulnerable, including products from vendors such as Belkin, D-Link, Linksys and Netgear.

The researchers found that there are numerous bugs with the UPnP protocol, which could ultimately put at risk tens of millions of networked devices—especially those connected directly to the Internet. It is now being suggested to "disable UPnP (if possible)," along with restricting networking protocols and ports, including Simple Service Discovery Protocol (SSDP) and Simple Object Access Protocol (SOAP) services from untrusted networks, including the Internet.

The concern is that hackers could "execute arbitrary code on the device or cause a denial of service," or in other words: install malware on your computer and/or run it as part of a botnet. Along with this, hackers could access confidential documents, steal usernames and passwords, take over PCs, and remotely access networked devices, such as webcams, printers, televisions, security systems, and other devices plugged in or wirelessly connected to networks. Most networking devices use UPnP, including computers running Windows, Apple's OS X, and Linux as well as many mobile devices use UPnP to print to wireless or networked printers.

Obviously and unfortunately, this problem is very technical in nature. Most computer users will have trouble dealing with this issue. If you are technical, the directions for disabling UPnP on Windows systems is as follows: 

Go to Services and stop and disable the “SSDP Discovery Service”. This service is responsible for UPnP (you will also notice another service called UPnP Device Host – which likely won’t be running and has nothing to do with UPnP Discovery, which is where the vulnerability is).

If you do not consider yourself to be technical, be sure to call or visit a professional computer repair technician to discuss this issue.

This post is contributed by a community member. The views expressed in this blog are those of the author and do not necessarily reflect those of Patch Media Corporation. Everyone is welcome to submit a post to Patch. If you'd like to post a blog, go here to get started.


More »
Got a question? Something on your mind? Talk to your community, directly.
Note Article
Just a short thought to get the word out quickly about anything in your neighborhood.
Share something with your neighbors.What's on your mind?What's on your mind?Make an announcement, speak your mind, or sell somethingPost something
See more »