{"id":1065,"date":"2013-02-14T13:35:16","date_gmt":"2013-02-14T18:35:16","guid":{"rendered":"http:\/\/blog.nccomputertech.com\/?p=1065"},"modified":"2013-02-14T13:35:16","modified_gmt":"2013-02-14T18:35:16","slug":"in-case-you-missed-it-two-weeks-ago-upnp-security-flaw","status":"publish","type":"post","link":"https:\/\/nccomputertech.com\/techtalk\/2013\/02\/14\/in-case-you-missed-it-two-weeks-ago-upnp-security-flaw\/","title":{"rendered":"In case you missed it two weeks ago..UPnP security flaw"},"content":{"rendered":"

From NCCT: We originally covered this two weeks ago:<\/em>
\nhttp:\/\/blog.nccomputertech.com\/2013\/01\/31\/millions-of-pcs-exposed-through-network-bugs-security-researchers-find\/<\/em>
\nThis is a very serious issue and we urge our clients and anybody else to go to:<\/em>
\nhttps:\/\/www.grc.com\/shieldsup<\/a><\/b><\/em>
\nClick on the “proceed button”<\/b>, on the next page click on the big yellow button that says “GRC’s Instant UPnP Exposure Test”<\/b>.<\/em>
\nLet it do it’s thing.<\/em>
\nIf you get a message in a green<\/b> box that says “THE EQUIPMENT AT THE TARGET IP ADDRESS DID NOT RESPOND TO OUR UPnP PROBES<\/b>“…. you’re o.k.. there’s nothing further that needs to be done. Your router does not have this flaw.<\/em>
\nIf you get a red<\/b> message saying your “THE EQUIPMENT AT THE TARGET IP ADDRESS DID RESPOND TO OUR UPnP PROBES!<\/b>“..you have a serious problem. UPnP would have to be disabled on your router and rechecked. In some cases even disabling it will not correct this on the WAN side, people could still get in on certain routers.<\/em>
\nIn simple terms this flaw allows somebody on the WAN (Wide Area Network..the entire outside world) side of the router with this flaw to access your internal network LAN(Local Area Network..all of the computers and devices inside you house).<\/em>
\nHere’s a message you don’t want when you run the test mentioned above, this is just a sample page<\/span> of what a warning looks like<\/b>.
\nhttps:\/\/www.grc.com\/su\/UPnP-Exposed.htm<\/a>
\nOnce they get in(and it’s not hard to with this flaw) it’s the same as having somebody come into your house or business and plug a computer into your router and look at all of your devices, shares, files, change your router settings, etc..Essentially they can do what they want and you wouldn’t know and your anti-virus wouldn’t know. By the way this flaw was found not only in routers, but in network capable appliances\/devices, security cameras, printers, T.V.’s, etc…The key thing is to check if your router is at risk since the other devices sit behind that…or they should.<\/em>
\nIf you find your router is exposed and don’t know how to disable UPnP give us a call. We can disable it and run all the tests for you and recommend what to do and let you know if you may need to update your firmware if available(which we can do), buy a new router if disabling UPnP doesn’t work on your current one or set up a another hardware firewall. We can deal with it.<\/em>
\nOr your ISP can block port 1900.<\/em>
\nWe can not emphasize enough how important this is, this is not a “oh well, whatever” situation<\/b>, this in our opinion and in many other people’s opinion worse than a virus. You may be giving people complete access to your network and everything on it and not even know it.<\/em>
\nHere is two videos featuring Leo Laporte and Steve Gibson(GRC.COM) on the topic.
\n