US Homeland Security is issuing another IT security warning for business and home computer users on January 29, 2013 urging computer users to disable a common networking technology feature. Researchers have warned Homeland Security that hackers have the potential to exploit flaws in tens of millions of devices.
The US Government’s Computer Emergency Readiness Team is advising business and consumers to disable the Universal Plug and Play or UPnP along with additional features allowing devices from computers to printers to be accessible over the Internet.
UPnP is a communications protocol designed to let networks indentify and communicate with equipment. This feature, primarily used in home networks, reduces the complexities of setting up networks. According to Dave Marcus, Chief Architect of advanced research and threat intelligences at Intel’s McAfee says that hackers could have a field day once the vulnerability in network devices is exposed.
Businesses are aware of the threats that face their smartphones and computers but network devices are historically one of the last devices to receive updates, leaving their software or firmware out-of-date and potentially exposed to these sort of threats.
Once you disable the UPnP on your device it will have little or no impact on the operation of the device.
What is the risk?
Our clients are not at risk, our service teams ensure all patches and updates are applied regularly. In addition, our strict IT security standards limit exposure of threats outside the network.
If you are not a client of ours, you may be at risk. These flaws could allow hackers to access confidential information, steal passwords or take full control of your computer in addition to webcams, printers and security systems.
Security experts have not seen any early signs of the UPnP vulnerabilities being widely exploited. However, this may change once findings are made public.
We recommend checking all your devices including smart device such as web cameras, storage devices and even your smart TV at home. Many of these devices come shipped with the UPnP on by default and you may not be aware of this.
Do you have questions about your IT security? Call our team of IT security professionals to learn more about our fully managed IT services including IT security consulting.