 haroldo join:2004-01-16 united state kudos:1 Reviews:
·Comcast
| [Security] Universal Plug and Play vulnerability
I saw this ...
quote:
Unplug Universal Plug And Play: Security Warning
Tens of millions of devices with UPnP are remotely exploitable, warns Metasploit creator. New tool detects vulnerable devices, which include 6,900 different product versions spanning 1,500 vendors.
By Mathew J. Schwartz, InformationWeek, January 29, 2013
More than 23 million Internet-connected devices are vulnerable to being exploited by a single UDP packet, while tens of millions more are at risk of being remotely exploited.
That warning was issued Tuesday by vulnerability management and penetration testing firm Rapid7, which said its researchers spent six months studying how many universal plug and play (UPnP) devices are connected to the Internet -- and what the resulting security implications might be. The full findings have been documented in a 29-page report, "Security Flaws In Universal Plug and Play." ...
»www.informationweek.com/security···40147226
(but don't understand it)
Simple question...I have an Apple Airport Extreme router, is it vulnerable? Thanks! |
|
 donoreoPremium join:2002-05-30 North York, ON | Is UPnP turned on? Maybe. I always turn that shit off on everything. |
|
 haroldo join:2004-01-16 united state kudos:1 | dunno...I hate 'tweaking' stuff since I always end up wrecking some other program that needs it....but usually don't realize it until a year later. I love default set up! What 'things' need UPnP? |
|
 donoreoPremium join:2002-05-30 North York, ON | said by haroldo: dunno...I hate 'tweaking' stuff since I always end up wrecking some other program that needs it....but usually don't realize it until a year later. I love default set up! What 'things' need UPnP?
That I cannot answer.
Best practice: turn everything OFF and only turn on what you need. -- The irony of common sense, it is not that common. I cannot deny anything I did not say. A kitten dies every time someone uses "then" and "than" incorrectly. I mock people who give their children odd spelling of names. |
|
 ThinkdiffPremium,MVM join:2001-08-07 Bronx, NY kudos:6 | reply to haroldo People love to rip on UPnP... You'll get a lot of people in this thread saying it's the devil.
In reality, UPnP is extremely useful but does have some security risks (what doesn't?). It automates the process of forwarding ports on your router so that you or others can connect to your devices directly. For example, if you use iChat for video conferencing, it works best when a connection can be made directly between the two computers. This requires opening a port on your router so the other user can connect to your computer and receive the video stream. Without UPnP, you need to log in to the router, find the correct port number to open, set a rule to forward the port number to your local IP address, then delete it when you're done. UPnP handles all that for you.
Likewise, if you have an Xbox or other game console, they can use UPnP to open ports for online gaming.
In the Apple world, the following services use UPnP: iChat audio/video, FaceTime, Back to My Mac, Find my iPhone/iPad (this can work without it, I think), Find My Mac, remote Screen Sharing, etc (there's probably a few I'm forgetting).
The vulnerability they're describing is that some routers stupidly allow UPnP to work even over the WAN/Internet connection - this should not happen and can be a security risk. But even if a hacker remotely opens a port on your router, they still need to know your computer's local IP address, what services are running on your computer, and an additional exploit or attack vector to get into those services. It's not a "1 packet = destruction" type deal that article implies.
Apple routers use UPnP or a similar protocol called NAT-PMP. I'm not sure if NAT-PMP is also vulnerable in the way the article mentions, but you can safely disable it if you don't use any of the services I mentioned earlier. -- University of Southern California - Fight On! |
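Added example (not from any poster or from the article): the WAN-exposure condition described in the post above, written as a check over SSDP discovery answers recorded while testing your own router from the LAN and from an outside connection. The function names, the sample payloads and the `ExampleStack` server string are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Ranges treated as "inside": RFC 1918 plus IPv4 link-local.
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16")]

def is_lan(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in LAN_NETS)

def parse_ssdp(raw):
    """Return the headers of an SSDP discovery answer, or None for anything else."""
    lines = raw.decode("ascii", "replace").split("\r\n")
    if not lines[0].startswith("HTTP/1.1 200"):
        return None  # NOTIFY announcements, M-SEARCH requests, junk
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")  # split at the first colon only
        if sep:
            headers[name.strip().upper()] = value.strip()  # header names are case-insensitive
    return headers

def audit(captures):
    """captures: (source address, UDP payload) pairs recorded during the test."""
    findings = []
    for src, payload in captures:
        hdrs = parse_ssdp(payload)
        if hdrs is None:
            continue
        findings.append({
            "source": src,
            "server": hdrs.get("SERVER", "?"),
            "location_host": urlsplit(hdrs.get("LOCATION", "")).hostname,
            # An answer arriving from a non-LAN address means UPnP discovery
            # is being served on the Internet-facing side.
            "wan_exposed": not is_lan(src),
        })
    return findings

# Constructed sample payloads, not real devices; 203.0.113.7 is a documentation address.
SAMPLE = [
    ("192.168.1.1", b"HTTP/1.1 200 OK\r\nST: upnp:rootdevice\r\n"
     b"Location: http://192.168.1.1:5000/rootDesc.xml\r\n"
     b"Server: ExampleOS/1.0 UPnP/1.0 ExampleStack/1.0\r\n\r\n"),
    ("203.0.113.7", b"HTTP/1.1 200 OK\r\nST: upnp:rootdevice\r\n"
     b"LOCATION: http://192.168.0.1:49152/desc.xml\r\n"
     b"SERVER: ExampleOS/1.0 UPnP/1.0 ExampleStack/1.0\r\n\r\n"),
    ("192.168.1.20", b"NOTIFY * HTTP/1.1\r\nNT: upnp:rootdevice\r\n\r\n"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

An answer flagged `wan_exposed` is the case where turning UPnP off on the router, or updating its firmware, matters; answers seen only from LAN addresses are the normal local behaviour.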
|
 haroldo join:2004-01-16 united state kudos:1 | I use FaceTime and Find My iToys, so I guess I got to keep it. Still don't entirely understand it, but, presumably, they'll issue an update to the router, right? |
|
|
|
 ThinkdiffPremium,MVM join:2001-08-07 Bronx, NY kudos:6 | There's no mention of NAT-PMP in that article, which is what Apple uses AFAIK, so I'm not sure if the same vulnerabilities apply.
Even if their implementation was vulnerable, they'd still have to allow NAT-PMP over the WAN/Internet connection, which I don't think they do.
If there is a problem, it can be easily updated through a firmware patch. -- University of Southern California - Fight On! |
|
 TamaraBQuestion The Current ParadigmPremium join:2000-11-08 Da Bronx Reviews:
·Optimum Online
·Clearwire Wireless
| reply to Thinkdiff
said by Thinkdiff: In the Apple world, the following services use UPnP: iChat audio/video, FaceTime, Back to My Mac, Find my iPhone/iPad (this can work without it, I think), Find My Mac, remote Screen Sharing, etc (there's probably a few I'm forgetting).
I use many of the above as well as Vonage. The Vonage router uses UPnP to open inbound voice ports and it does so randomly.
said by Thinkdiff: Apple routers use UPnP or a similar protocol called NAT-PMP. I'm not sure if NAT-PMP is also vulnerable in the way the article mentions, but you can safely disable it if you don't use any of the services I mentioned earlier.
Is there an external test to determine whether UPnP is accessible remotely?
-- "Remember, remember the fifth of November. Gunpowder, Treason and Plot. I see no reason why Gunpowder Treason Should ever be forgot."
"People should not be afraid of their governments. Governments should be afraid of their people"
|
|
 skeechanAi OtsukaholicPremium join:2012-01-26 AA169|170 kudos:2 Reviews:
·Cox HSI
·Clear Wireless
| reply to Thinkdiff
|
|
 haroldo join:2004-01-16 united state kudos:1 Reviews:
·Comcast
| reply to Thinkdiff
said by Thinkdiff: ... ...But even if a hacker remotely opens a port on your router, they still need to know your computer's local IP address, what services are running on your computer, and an additional exploit or attack vector to get into those services. It's not a "1 packet = destruction" type deal that article implies....
(still trying to learn)...if a hacker uses this vulnerability to get past the router, what damage can they do? I'm guessing that if someone is sophisticated enough to figure out how to get past the router, finding an IP address (responding to your comment above) doesn't seem too taxing. What can they do to your computer? Thanks! |
|
 dickmeadPremium join:1999-08-22 Pasadena, CA | reply to TamaraB
grc.com now has a test for UPnP WAN access in the shields-up section. Just FYI |
|
 TamaraBQuestion The Current ParadigmPremium join:2000-11-08 Da Bronx | Thanks! |
|