International. Programming errors in widely used networking technologies expose tens of millions of personal computers, printers and storage units to attack by hackers on the Internet, said researchers at a firm that makes security software.
The problem is in computer routers and other networking equipment that use a commonly used standard known as Universal Plug and Play, or UpnP.
UPnP is a set of communication protocols that makes it easier for networks to identify and communicate with other computers, reducing the amount of work it takes to set them up.
Security software maker Rapid7 said in a document to be released next week that it discovered between 40 million and 50 million devices that were vulnerable to hacker attacks because of three separate sets of issues that the firm's researchers have identified in the UpnP standard.
The long list of devices includes products from manufacturers including Belkin, D-Link, Cisco Systems Inc's Division linksys and Netgear.
Chris Wysopal, chief technology officer at security software firm Veracode, said he believes the publication of Rapid7's findings will focus attention on the still-nascent area of UPnP security, encouraging other security researchers to look for more programming errors in UpnP protocols.
Rapid7 has privately warned electronic device makers about problems detected through the CERT Coordination Center, a group at Carnegie Mellon University's Institute of Software Engineering that helps researchers report vulnerabilities to affected companies.
Programming errors could allow hackers to access sensitive files, steal passwords, take full control of personal computers, as well as remotely access devices such as webcams, printers and security systems, according to Rapid7.
Rapid7's chief technology officer, HD Moore, advises that computer users use a free tool released by the company to identify vulnerable equipment and then disconnect the UPnP functionality on those computers as soon as possible.
The tool to help identify those computers can be downloaded from the website http://www.rapid7.com
Leave your comment