IT Security: Beware of UPNP
The millions of connected devices are implemented on the LAN to facilitate their interaction, UPnP's multiple security breaches, and wide open attacks. The United States, Hong Kong Computer Security Incident Coordinating Center called for vigilance after discovering multiple security breaches in the network protocol UPnP (Universal Plug and Play). Hydrophobic,Anti-Settling And Thickening,Free-Flow And Anti-Caking Additive,Fumed Silica Controls Rheology Henan Minmetals East New Materials CO. LTD. , https://www.materials-silicon.com
With millions of connected devices, the 6900 models sold more than 1,500 manufacturers, including Asus, Belkin, or U.S. Netgear, which are accessible from the Web and are therefore vulnerable to attacks. At least half of them are actually vulnerable to one or more types of intrusions.
In the first quarter, they used the service's SOAP (Simple Object Access Protocol) to allow malicious third parties to bypass firewalls built into the router and access the heart from outside the network. There are other entry points, such as the portable UPnP SDK and the library, which contains eight security holes and two remote code injections via UDP messages.
Other affected software libraries, MiniUPnP, implemented the first version of the product sold between 2008 and 2009, which violated the developer's never corrected. Stopping the sale of all these devices is now obsolete. It is the user accessing the management interface to download firmware updates or simply shut down UPnP.
The UPnP standard simplifies the connection of devices to PCs on the local network, as well as the combination and interaction of their surroundings, from the printer to the camera through a router-connected TV.