World Community Grid - View Thread - Are you aware of the security flaw in Universal Plug & Play (UPnP)?

World Community Grid Forums

Category: Community

Forum: Chat Room

Thread: Are you aware of the security flaw in Universal Plug & Play (UPnP)?

Quick Go »

No member browsing this thread

Thread Status: Active
Total posts in this thread: 5

[ ]

Author

This topic has been viewed 2306 times and has 4 replies

twilyth
Master Cruncher
US
Joined: Mar 30, 2007
Post Count: 2130
Status: Offline
Project Badges:

20 year badge for Human Proteome Folding - Phase 2

45 day badge for Help Cure Muscular Dystrophy

2 year badge for Discovering Dengue Drugs - Together

2 year badge for Nutritious Rice for the World

45 day badge for The Clean Energy Project

5 year badge for Help Fight Childhood Cancer

90 day badge for Influenza Antiviral Drug Search

5 year badge for Help Cure Muscular Dystrophy - Phase 2

45 day badge for Discovering Dengue Drugs - Together - Phase 2

2 year badge for The Clean Energy Project - Phase 2

2 year badge for Computing for Clean Water

10 year badge for Drug Search for Leishmaniasis

10 year badge for GO Fight Against Malaria

10 year badge for Computing for Sustainable Water

100 year badge for Mapping Cancer Markers

20 year badge for Uncovering Genome Mysteries

50 year badge for Outsmart Ebola Together

50 year badge for FightAIDS@Home - Phase 2

50 year badge for Microbiome Immunity Project

180 day badge for Africa Rainfall Project

10 year badge for OpenPandemics - COVID-19


Are you aware of the security flaw in Universal Plug & Play (UPnP)?

I'm not completely sure I understand what's up with this so I just turned UPnP off on my router, but this looks like some scary stuff, no?

A Security Flaw in Universal Plug & Play (UPnP) are exposing more than 50 millions of computers, printers and storage drives to attack by hackers remotely.

Rapid7 said Tuesday in a research paper, that problem lies in routers and other networking equipment that use a commonly employed standard known as Universal Plug and Play or UPnP.

UPnP allows networked devices to discover each other and automatically establish working configurations that enable data sharing, media streaming, media playback control and other services.

In one common scenario a file-sharing application running on a computer can tell a router via UPnP to open a specific port and map it to the computer's local network address in order to open its file-sharing service to Internet users.

More at link

----------------------------------------

[Mar 19, 2013 2:16:44 AM]

Former Member
Cruncher
Joined: May 22, 2018
Post Count: 0
Status: Offline


Re: Are you aware of the security flaw in Universal Plug & Play (UPnP)?

And then the credentials of this gentleman who runs the show, with my emphasis

Mohit Kumar aka 'Unix Root' is Founder and Editor-in-chief of 'The Hacker News'. He is a Security Researcher and Analyst, with experience in various aspects of Information Security. Other than this : He is an Internet Activist, Strong supporter of Anonymous & Wikileaks.

The last thing I would do is run his little linked programs to "test your system now". Could be a trojan ;O

[Mar 19, 2013 7:41:15 AM]

twilyth
Master Cruncher
US
Joined: Mar 30, 2007
Post Count: 2130
Status: Offline
Project Badges:


Re: Are you aware of the security flaw in Universal Plug & Play (UPnP)?

Yeah, sorry about that but the original article was from New Scientist so i couldn't link to that since most people don't have a subscription, so I had to dig up something else.

Anyway, there is a link to the Rapid 7 report in the article if you go back and check and they ARE in fact legit.

----------------------------------------

----------------------------------------
[Edit 2 times, last edit by twilyth at Mar 19, 2013 9:18:19 AM]

[Mar 19, 2013 9:16:38 AM]

Sabrina Tarson
Advanced Cruncher
United States
Joined: Jun 27, 2012
Post Count: 149
Status: Offline
Project Badges:

90 day badge for Human Proteome Folding - Phase 2

45 day badge for Help Fight Childhood Cancer

14 day badge for Help Cure Muscular Dystrophy - Phase 2

180 day badge for The Clean Energy Project - Phase 2

90 day badge for Drug Search for Leishmaniasis

90 day badge for GO Fight Against Malaria

20 year badge for Mapping Cancer Markers

180 day badge for Uncovering Genome Mysteries

2 year badge for Outsmart Ebola Together

5 year badge for FightAIDS@Home - Phase 2

5 year badge for Microbiome Immunity Project

2 year badge for Africa Rainfall Project

1 year badge for OpenPandemics - COVID-19


Re: Are you aware of the security flaw in Universal Plug & Play (UPnP)?

You can also use Steve Gibson's ShieldsUP! to detect if your router is one of those affected.
https://www.grc.com/x/ne.dll?bh0bkyd2

----------------------------------------

View Current Tasks

[Mar 20, 2013 12:56:06 PM]

Former Member
Cruncher
Joined: May 22, 2018
Post Count: 0
Status: Offline


Re: Are you aware of the security flaw in Universal Plug & Play (UPnP)?

Now that's an old and faithful, used for many years:

THE EQUIPMENT AT THE TARGET IP ADDRESS
DID NOT RESPOND TO OUR UPnP PROBES!
(That's good news!)

Their open/closed port scanning is excellent and fast.

[Mar 20, 2013 1:06:35 PM]

[ ]