50 Million Potentially Vulnerable To UPnP Flaws - Slashdot

Slashdot

50 Million Potentially Vulnerable To UPnP Flaws 138

Posted by Soulskill on Wednesday January 30, 2013 @03:17AM
from the much-lower-than-expected dept.

Gunkerty Jeb writes "In a project that found more than 80 million unique IP addresses responding to Universal Plug and Play (UPnP) discovery requests, researchers at Rapid7 were shocked to find that somewhere between 40 and 50 million of those are vulnerable to at least one of three known attacks. A Rapid7 white paper enumerated UPnP-exposed systems connected to the Internet and identified the number of vulnerabilities present in common configurations. Researchers found that more than 6,900 product models produced by 1,500 different vendors contained at least one known vulnerability, with 23 million systems housing the same remote code execution flaw. 'This research was primarily focused on vulnerabilities in the SSDP processor across embedded devices,' Rapid7's CSO HD Moore said. 'The general process was to identify what was out there, make a list of the most commonly used software stacks, and then audit those stacks for vulnerabilities. The results were much worse than we anticipated, with the most commonly used software stack (libupnp) also being the most vulnerable.'"

This discussion has been archived. No new comments can be posted.

50 Million Potentially Vulnerable To UPnP Flaws

Search 138 Comments Log In/Create an Account

Comments Filter:

Is it ``hacking'', the way they discovered it? (Score:5, Interesting)

by girlinatrainingbra (2738457) writes: on Wednesday January 30, 2013 @03:59AM (#42735461)

So did they come up with the number of vulnerable sites from
(a) -- sales figures of devices with UPnP enabled by default,

or did they actually do active spidering of (b):
1 -- a representative sample of IP addresses in a particular space

2 -- a wide ranging probe of many many IP addresses all around the world?
.

If they did (a) above, then sure it makes sense. If they did (b1) or (b2) above, especially if they didn't get the permission of every IP address which they probed/tested, then aren't they doing illegal penetration testing, even if all they are doing is checking for the existence of a responding port? I mean one or two or an accidental port knock would be like knocking IRL on a random stranger's door, but a sequential serialized intentional attempt to knock on so many doors to test vulnerability, well that's just annoying and wrong, and possibly illegal,eh?

Share
twitter facebook linkedin
find the posts (Score:4, Interesting)

by r00t (33219) writes: on Wednesday January 30, 2013 @04:29AM (#42735569) Journal

Just yesterday, lots of Slashdot readers claimed UPnP was totally reasonable for security. It's time for a wall of shame. Here is the story:
http://it.slashdot.org/story/13/01/29/0111238/58000-security-camera-systems-critically-vulnerable-to-attackers [slashdot.org]
I'll start.
adolf: http://it.slashdot.org/comments.pl?sid=3415287&cid=42722879 [slashdot.org]
Miamicanes: http://it.slashdot.org/comments.pl?sid=3415287&cid=42723217 [slashdot.org]
julesh: http://it.slashdot.org/comments.pl?sid=3415287&cid=42723393 [slashdot.org]

Share
twitter facebook linkedin

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Related Links Top of the: day, week, month.

1746 commentsBrendan Eich Steps Down As Mozilla CEO
1109 commentsMozilla CEO Firestorm Likely Violated California Law
1037 commentsHow the Internet Is Taking Away America's Religion
878 commentsRussian State TV Anchor: Russia Could Turn US To "Radioactive Ash"
686 commentsThe GNOME Foundation Is Running Out of Money

A consultant is a person who borrows your watch, tells you what time it is, pockets the watch, and sends you a bill for it.