The U.S. government has released a security advisory about critical flaws in Universal Plug and Play (UPnP), a networking protocol used by tens of millions of routers, computer printers, storage drives, smart TVs and other devices commonly found in homes and offices.
The flaws could let outside attackers invade your home or business network and cause havoc. Dozens of device manufacturers, including Cisco/Linksys, Netgear, Sony, Siemens and Belkin, have been notified, but few, if any, have rolled out patches yet.
US-CERT, the United States Computer Emergency Readiness Team, advises all users to manually disable UPnP in their devices’ administrative settings. Users will have to refer to their owners’ manuals or to manufacturers’ websites to learn how.
For enterprises with skilled IT personnel, a patch to the UPnP protocol that fixes the flaws is available here.
The flaws were publicly disclosed yesterday (Jan. 29) by Rapid7, a Boston-based network-security-testing company. In a research paper, Rapid7 said it found 40 million to 50 million vulnerable devices that were accessible from the Internet.
Rapid7 expects that most of the vulnerable printers, routers and other devices that are still in production will eventually receive updates.
But, warned Rapid7 Chief Security Officer HD Moore, that will leave tens of millions of older devices out in the cold.
Rapid7 has released a tool for Windows users to scan their networks for vulnerabilities.
The Latest Streaming News: Critical Security Flaws updated minute-by-minute
Bookmark this page and come back often