By hijacking personal devices like cameras, hackers can easily watch the every move of the device's owner and invade the privacy of millions of users.
Internet routers that use a protocol called Universal Plug and Play (UPnP) allow network-connected devices such as computer and printers to make themselves easily discoverable, but new research by the security firm Rapid7 shows that this discoverability can be exploited by hackers.
Many routers are set to use the UPnP by default, thereby subjecting all network-enabled devices using the router to the damage that hackers are able to inflict. As many as 50 million unique devices can be exploited and about 6,900 products are vulnerable to software bugs that have already been found in three different implementations of the protocol.
Vendors including Cisco’s Linksys, Belkin, D-Link, and Netgear produce routers that make themselves and their connected devices susceptible to software bugs. At least 23 million types of connectible devices could be hijacked and permanently disabled, while others would face temporary incapacitation.
Using the discoverability of the devices, hackers could invade the network itself, regardless of any sort of firewalls that might be in place, thereby endangering personal information. Hackers could use UPnP-enabled routers and their devices to access confidential files, steal passwords, take full control of computers and access webcams, printers and other security systems.
“We never expected this much UPnP to be exposed on the Internet. The scope of the exposure just blew us away,” Rapid7’s chief security officer H.D. Moore told Forbes.
“This is the most pervasive bug I’ve ever seen,” he told Reuters, referring to the software bugs that Rapid7 discovered in most of the vulnerable devices that were tested.
more here: RT