Blog

Jun 12, 2020

Plug-and-play bug exposes millions of network devices

Posted by in categories: cybercrime/malcode, finance, internet

A bug in a protocol used by virtually all Internet of Things devices exposes millions of users to potential attack, a researcher reported Monday. The fault centers on the Universal Plug and Play protocol, a 12-year-old implementation that simplifies connections among network devices such as computers, printers, mobile devices and Wi-Fi access points.

Billions of devices are theoretically vulnerable, the report stated, but only those with UPnP activated currently face risk of attack.

Turkish security engineer Yunus Çadirci uncovered the UPnP bug, named CallStranger, that could be exploited to gain access to any smart such as , printers and routers that are connected to the Internet. Once access is gained, malicious code can be sent through network firewalls and other security defenses and reach internal data banks.

Comments are closed.