‫ Millions of PCs exposed through network bugs, security researchers find

ID :IRCNE2013011744
Date: 2013-01-30
According to ZDnet, common bugs in networking systems are placing PCs, printers, and storage devices at risk, according to security researchers.
According to the security team at Rapid7, technology used worldwide in both routers and standard networking equipment is making it possible for hackers to potentially infiltrate approximately 40 million to 50 million devices worldwide.
The vulnerability lies in the standard known as Universal Plug and Play (UPnP). This standard set of networking protocols allows devices, such as PCs, printers, and Wi-Fi access points, to communicate and discover each other's presence. After discovery, devices can be connected through a network in order to share files, printing capability, and the Internet.
In a white paper released today, researchers from the security software maker said that while UPnP might make network setup cheaper and more efficient, it harbours a severe security risk.
The paper focuses on programming flaws in common UPnP discovery protocol (SSDP) implementations, which can be exploited to crash the service and execute arbitrary code, the exposure of the UPnP control interface (SOAP) on private networks, and programming flaws in both UPnP HTTP and SOAP overall.
Over 80 million unique IPs were identified that responded to UPnP discovery requests from the Internet due to the "misconfiguration" of the UPnP SSDP discovery service across thousands of products.
The team's findings are below.


بدون نظر
شما برای نظر دادن باید وارد شوید


تاریخ ایجاد: 11 بهمن 1391



امتیاز شما
تعداد امتیازها:0