50 million cameras exposed to hackers due to massive security breach

1 February, 2013RT

Internet users, beware: new security research has revealed that 40-50 million network-enabled device can be hacked and controlled remotely, with vulnerable products including cameras, printers and routers.

By hijacking personal devices like cameras, hackers can easily watch the every move of the device’s owner and invade the privacy of millions of users. 

Internet routers that use a protocol called Universal Plug and Play (UPnP) allow network-connected devices such as computer and printers to make themselves easily discoverable, but new research by the security firm Rapid7 shows that this discoverability can be exploited by hackers.

Many routers are set to use the UPnP by default, thereby subjecting all network-enabled devices using the router to the damage that hackers are able to inflict. As many as 50 million unique devices can be exploited and about 6,900 products are vulnerable to software bugs that have already been found in three different implementations of the protocol.

Vendors including Cisco’s Linksys, Belkin, D-Link, and Netgear produce routers that make themselves and their connected devices susceptible to software bugs. At least 23 million types of connectible devices could be hijacked and permanently disabled, while others would face temporary incapacitation.

Using the discoverability of the devices, hackers could invade the network itself, regardless of any sort of firewalls that might be in place, thereby endangering personal information. Hackers could use UPnP-enabled routers and their devices to access confidential files, steal passwords, take full control of computers and access webcams, printers and other security systems.

“We never expected this much UPnP to be exposed on the Internet. The scope of the exposure just blew us away,”Rapid7’s chief security officer H.D. Moore told Forbes.

“This is the most pervasive bug I’ve ever seen,” he told Reuters, referring to the software bugs that Rapid7 discovered in most of the vulnerable devices that were tested.

Rapid7 recommends that Internet users check their routers for UPnP capabilities and disable the feature to protect their devices from being invaded by hackers. The new research also prompted CERT to issue a warning and Cisco to disseminate information about their susceptible products.

“Linksys is aware of the industry-wide UPnP library security vulnerability announced by the US CERT on January 29th,” a spokesperson wrote on the company website“We recommend Linksys customers visit our website to understand if their home router is affected, and learn how to disable UPnP through the user interface to avoid being impacted.”

Unless Internet users take steps to ensure their network’s security, tens of millions could be at risk of having their information stolen, being watched through their own webcams, or having their devices destroyed.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.