Product Promotion Network

Game

Should you disable UPnP at home? Why trade security for convenience?

This article is brought to you by Bitdefender. Years of advance fee scams have trained us to be wary of emails from foreign ‘princes’ asking us to hold on to a few million dollars for them. But while folks are generally pretty good at spotting a scam a mile off[1], when it comes to internal threats, we need to up our game, especially with regard to universal plug and play (UPnP) solutions.

If you want something that’s plug and play – in other words, something that will just work when you plug it in and communicate with other devices, it’s fine. But if something’s being sold on punching a hole in a firewall for the sake of convenience – like Skype, for example – then you need to stop and think about if doing what you’re doing is actually safe or not. We need to accept that the consumers buying into this are doing so in good faith.

They have bought something from a respectable outlet. They assume the store, whether online or bricks and mortar, will not knowingly sell them something unsafe. The manufacturers, too, are well known.

The printer company that’s been around for X years and whose products the customer has been buying for Y amount of time is not about to throw their reputation away, and if the router manufacturer has allowed UPnP it must surely be OK? Skype uses it to get around firewalls, and Skype is owned by Microsoft, therefore it must be safe. That kind of thinking is like leaving the door on the latch so the neighbour can feed your cats while you’re at work.

The neighbour is trustworthy and yes it makes life easier, but your door is open to others as well. There have been some fairly spectacular security fails; Svakom’s Siime Eye – a connected sex toy – leaked plenty of information and earned lot of coverage. By all means the story had entertainment value, but there are other cases too.

In the white paper, Remote Exploitation of the NeoCoolcam IP Cameras and Gateway[2], security researchers at Bitdefender describe how easy it is to take control of a connected doorbell camera, thanks in part to UPnP opening ports on the router, allowing them to be controlled from the outside world. In a separate white paper – IoT – The Gift That Keeps On Giving[3] – Bitdefender’s chief security researcher Alex “Jay” Balan is blatant in his advice; “Seriously, check and disable UPnP on your routers.” Aside from convenience, why are products which can so easily be compromised allowed to hit the shelves in the first place?

There’s two main reasons for this. First, there is no standard for security on Internet of Things (IoT) devices. If there were something in place, some certification that required a device to do this, this and this before it could be sold as secure (or even sold at all), then those reputable retailers would have a chance of filtering out the bad stuff.

Second, and a related point, there is no reason at the moment to expect a doorbell manufacturer to understand security. It’s not a documented requirement so it’s not part of their world. So they and a load of other IoT manufacturers sell devices with UPnP without knowing that they’re leaving your door on the latch for all sorts of malware.

Bitdefender would like to see that regulated; until that time comes, seriously, go to your router and consider switching UPnP off, at least as a default setting.

References

  1. ^ spotting a scam a mile off (uk.pcmag.com)
  2. ^ Remote Exploitation of the NeoCoolcam IP Cameras and Gateway (labs.bitdefender.com)
  3. ^ IoT – The Gift That Keeps On Giving (labs.bitdefender.com)

HOMCOM Rebounder Net Playback Soccer Football Game Spot Target Ball Rebounders Training Equipment Play Teaching – Reduced

This rebounder is a perfect training tool for any football player, made with a sturdy metal frame and a PE net, it is perfect to rebound and continue your practice session. It’s construction is lightweight to make it easier to move around to your ideal positions. Comes complete with ground nails to secure it to the soft ground.

Feature:

• Steel tubing and PE netting for durable use • Ideal for practicing tennis, football or any ball game • Help to enhance passing, goalkeeping, heading and shooting skills • Firm and sturdy • A powerful and silent rebound can be made by it • Light weight and easy to move • 4 ground nails are included

Specification:

• Material: Steel pipe, PE net • Colour: Black • Net Weight: 1.7kg • Overall Dimension: 90L x 80W x 140H (cm) • Grid Size: 126L x 75W (cm) • Accessories: 4 x ground nails • Custom Label: A90-053

  • Ideal for practicing tennis, football or any ball game
  • Help to enhance passing, goalkeeping, heading and shooting skills
  • Sturdy steel frame and strong net
  • Light weight and easy to move
  • 4 ground nails are included

More Promoted: Sale Offers

HOMCOM Rebounder Net Playback Soccer Football Game Spot Target Ball Rebounders Training Equipment Play Teaching

This rebounder is a perfect training tool for any football player, made with a sturdy metal frame and a PE net, it is perfect to rebound and continue your practice session. It’s construction is lightweight to make it easier to move around to your ideal positions. Comes complete with ground nails to secure it to the soft ground.

Feature:

• Steel tubing and PE netting for durable use • Ideal for practicing tennis, football or any ball game • Help to enhance passing, goalkeeping, heading and shooting skills • Firm and sturdy • A powerful and silent rebound can be made by it • Light weight and easy to move • 4 ground nails are included

Specification:

• Material: Steel pipe, PE net • Colour: Black • Net Weight: 1.7kg • Overall Dimension: 90L x 80W x 140H (cm) • Grid Size: 126L x 75W (cm) • Accessories: 4 x ground nails • Custom Label: A90-053

  • Ideal for practicing tennis, football or any ball game
  • Help to enhance passing, goalkeeping, heading and shooting skills
  • Sturdy steel frame and strong net
  • Light weight and easy to move
  • 4 ground nails are included

View More: Sale Offers

1 2 3 346