17 Million Devices Are An Immediate Network Security Risk

Posted by .

network securityTechnology continues its creep into every aspect of our life. And the sheer number of connected devices we use also continues to grow at breakneck speed. This has led to the inevitable spike in the number and severity of network security risks we’re facing daily. It seems that almost every day a new security threat is unleashed upon us. Earlier this year, the granddaddy of them all hit the airwaves – one that has the potential to affect almost every device that connects to the Internet.

At the end of January, countless news and tech media services began issuing warnings about UPnP (Universal Plug and Play) enabled devices. This was taken very seriously; the widespread adoption of these devices coupled with the fact that many of them have poor security measures, means entire systems could be open to attack. Many business owners and managers alike are wondering just what exactly UPnP is and how it can increase my risk.

UPnP defined.  UPnP is a protocol or code that allows networked devices like laptops, computers, Wi-Fi routers, and many modern mobile devices, to search for and discover other devices connected to, or wanting to connect to, the same network. This protocol also allows these devices to connect to one-another and share information, Internet connections, media and the like.

A fine example of UPnP in action is your laptop. When you first plug your laptop to your router or firewall, you generally have to enter a password and perhaps the router’s network name. Without UPnP you would need to manually find the network and enter the password each and every time you want to connect to the Internet. With UPnP, your laptop automatically connects whenever you connect.

Why is UPnP a security threat? UPnP has been in use for the better part of seven years and has basically come to be found in close to every device that connects to the Internet – pretty much everything. While it was originally designed for devices in the home e.g., Wi-Fi routers, with the end goal of simplifying life for the consumer, many businesses also use these devices because they are usually way easier to set up and cost far less than their enterprise security

Because of the astronomical number of devices that use this protocol, and the fact that it’s designed by default to respond to any request to connect to the device, it is not hard to see how this could be a security issue. A recent study tested the security of UPnP and revealed some interesting results.
This study, conducted by Rapid7, sent UPnP discovery requests to every known routable IPv4 address. For those of you keeping score, IPv4 (Internet Protocol version 4) is a set of protocols for sending information from one computer to another on the Internet. A routable IPv4 address is one that can be contacted by anyone on the Internet. What they found was that over 80 million IPv4 addresses used Universal Plug and Play, and that fully 17 million of these devices happily exposed the protocols required for easy connection to the system or device. This makes for easy can exploitation for hackers.
Think about it: 17 million systems, many of which are likely businesses, are open to easy attack through the UPnP device. This security threat opens networks to denial-of-service attacks which make resources, including the Internet, unavailable to the user. One example of a denial-of-service attack is to make websites unavailable to others by flooding them with billions of packets of useless information or by making more connection requests than the responding network can functionally deal with.

So… what to do? Many experts recommend disabling UPnP on your networked devices. But you should at least start by conducting a routine scan for vulnerable UPnP devices on your network. There are many tools available (like ScanNow for Windows, for example) that can assist you in your search. But for many, this is a daunting prospect, as the solving one problem while creating another is just too great.

We recommend contacting experts like us. Someone who can conduct a security analysis and advise you on a process that ensures your security. So, if you are at all worried about the security of your network systems, us a call today. You’ve got questions, we’ve got answers.