If you have a router on your home PC or at work and you are using its Universal Plug and Play (UPnP) feature, the US Government wants you to disable it ASAP. The US Department of Homeland Security issued a statement today that urged individuals and businesses to disable these features from router units due to the threat of hacker attacks.
Reuters reports that the statement followed a report from the security firm Rapid7, which claimed that there are three issues with the UPnP standard that could be used by hackers for attacks that range from taking files from PCs, to taking full control of them and using them to access devices such as webcams, printers and more. The report claims that between 40 million and 50 million units that use the UPnP standard are open to these issues.
Companies that sells such routers such as Belkin, D-Link and others will have to issue security patches to fix the holes that were discovered by Rapid7. So far, there’s no word on when these patches will be issued. However, Rapid7 points out on their website that there are a number of older routers that are still being used that are likely never to be updated. In those cases, the only real alternative is to simply buy a new router that is not affected by this UPnP issue.
US Government: disable Universal Plug and Play on routers due to hacker threat.