A bug in a protocol used by virtually all Internet of Things devices exposes millions of users to potential attack, a researcher reported Monday. The fault centers on the Universal Plug and Play protocol, a 12-year-old implementation that simplifies connections among network devices such as computers, printers, mobile devices and Wi-Fi access points.
Billions of devices are theoretically vulnerable, the report stated, but only those with UPnP activated currently face risk of attack.
Turkish security engineer Yunus Çadirci uncovered the UPnP bug, named CallStranger, that could be exploited to gain access to any smart device such as security cameras, printers and routers that are connected to the Internet. Once access is gained, malicious code can be sent through network firewalls and other security defenses and reach internal data banks.