Thanks to Universal Plug and Play software all modern devices instantly find and connect to each other automatically. However, a recent piece of research has shown that there is a catch that puts all users privacy at risk.
UPnP is a hassle saving piece of software designed to let cameras, printers, digital video recorders and games consoles automatically discover each other’s presence on a network. A decade ago it was first introduced and embedded in Windows XP in order for laptops to automatically connect to wireless network printers. However, this ubiquitous piece of software has recently been found to have a dark side. The problem is that the UPnP protocol has no built-in security.
Last week, the results of an extensive 6 month research into UpnP were announced and it emerged that the software has been quietly making tens of millions of such devices not only accessible but also in many cases controllable via the internet. Between June and November last year a team from the information-security company Rapid7 in Boston continually scanned for signals from any UPnP-enabled devices announcing their availability for internet connection.
Their findings were shocking. 6900 network-aware products from 1500 companies at 81 million internet protocol (IP) addresses responded to their requests. “About 80 per cent of those were home routers, and the rest were devices like cameras and printers that should not have been internet-facing at all,” says lead researcher H. D. Moore. An open router could give an attacker access to its owner’s personal files.
What could this mean in practice? Well, for instance, video feeds from CCTV cameras or webcams could be watched at leisure by anybody. Scanned documents could be read by anyone and hackers with grudges against organisations could cause significant mischief and mayhem. Worse, CCTV footage recorded on digital video recorders could even be deleted, a gift for criminals.
This affair highlights the tension inherent in providing ease-of-use on one hand and security on the other. A possible solution is for internet service providers (ISPs) to modify their routers to prevent their subscribers’ UPnP traffic being accessed, says Moore. The company behind the research, Rapid7 has also written a free, downloadable Windows program that lets people check if their devices are internet facing. Jay Abbott of Advanced Security Consulting in Peterborough, UK. says “Their one-click check lets you see if this issue affects you or not, so make use of it.”
Sources include The New Scientist, http://www.upnp.org
TJC Oxford offers high-quality IT interpreting services so that clients can stay ahead in the multilingual growth of the computer age. With the widespread use of IT systems across the globe, sharing accurate and accessible information about processes and systems is vital for computer development. Our large and diverse network of translators with experience in IT and computer systems services, allows us to selectively source highly skilled individuals who may also have a background or qualification in IT and computer system services. Therefore, our IT-related translators come with expertise in many different areas, as shown below, and provide a reliable and precise interpreting service to the client.