Description: Universal Plug and Play protocol (UPnP) can be described as a set of networking protocols that allow a type of seamless discovery and communication between other UPnP devices. Data sharing capabilities are just the beginning of UPnP's remit, in some cases UPnP devices can actually make configuration changes to one and other. The aim is a type of hassle free configuration environment, aim to give its users that "just works" felling, much like the plug and play technology of the past. However hassle free configuration can ultimately mean hassle free hacking.
This talk is loosely based on a previous BSides talk and aims to give attendees an overall view of UPnP and some of the security issues faced by many devices today. During 2011 and number of interesting issues were discovered. The talk looks at how an attacker can deploy a series of incredibly simple yet effective attacks against a wide range of UPnP devices such as routers found in many homes today, and why those very routers are ill equipped to defend against them. With one simple command it is possible to open an internal port to an external port without authentication or stamp within the routers access logs. In some case it is even possible to disable internet connectivity. Attacking the very fabric of UPnP's implementation to gain a very real presence on a network.
Its easy to see why many technologically minded people argue turning this protocol off, however it is not always as simple as it would first appear. Much functionality of very popular devices and applications would be lost, in addition for it not being the most user friendly process to be invented. With concerns about this same technology in the future being used in smart homes the threat can only become bigger.
Latest from the SecurityTube Blog:
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.
Original Source: http://www.youtube.com/watch?v=jQNBGLHXUOw