Only 50 million? I thought it would be more but thats the figure that was put forward in a whitepaper from Rapid7 yesterday.
UPnP is a potocol designed to allow easy communication between computers and TVs, routers, printers, media servers and many other types of device. Unfortunately, the communication between them may be just a little too easy.
Rapid7, who provide penetration testing, vulnerability management and compliance solutions, warn that UPnP protocol aka Universal Plug and Play is flawed. Their whitepaper goes on to say that tens of millions of networked devices are vulnerable to one or more of three different types of attacks:
“Somewhere between 40 and 50 million IPs are vulnerable to at least one of three attacks outlined in this paper. The two most commonly used UPnP software libraries both contained remotely exploitable vulnerabilities. In the case of the Portable UPnP SDK, over 23 million IPs are vulnerable to remote code execution through a single UDP packet.”
The whitepaper also says that over 80 million different IP addresses (thats more than the sum of all IP addresses currently assigned to Canada) were available over the web via remote discovery. That figure equates to 2.2% of all the public IPv4 addresses on the net.
If you want to know more about the joys of UPnP then Arron Finnon (@F1nux) is your man with his excellent talk from last year’s BSidesLondon: