The US Department of Homeland Security urged computer users on Tuesday to disable a common networking technology feature, after researchers warned that hackers could exploit flaws to gain access to tens of millions of vulnerable devices.
The US government’s Computer Emergency Readiness Team advised consumers and businesses to disable a feature known as Universal Plug and Play or UPnP, and some other related features that make devices from computers to printers accessible over the open Internet.
UPnP is designed to let networks identify and communicate with equipment, reducing the amount of work it takes to set up networks. Dave Marcus, chief architect of advanced research and threat intelligence with Intel’s McAfee unit, said hackers would have a “field day” once the vulnerability in network devices is exposed.
“Historically, these are amongst the last to be updated and protected properly which makes them a gold mine for potential abuse and exploitation,” said Marcus, who advises government agencies and corporations on protections against sophisticated attacks.
Computer security company Rapid7 said in a white paper released on Tuesday that it discovered between 40 million and 50 million devices that were vulnerable to attack due to three separate sets of problems that the firm’s researchers have identified with the UPnP standard.
The flaws could allow hackers to access confidential files, steal passwords, take full control over PCs as well as remotely access devices such as webcams, printers and security systems, according to Rapid7.