uPnP Security Flaw

I'm not sure it has hit the main stream media yet, but I expect it soon.  It has been known for some time, that the uPnP feature of networked devices provides an easy way for a hacker to take control of your home network.  This concept is difficult to follow - the following links will help in the understanding of this protocol and the resulting security flaw.  Good luck.

This recent article in ITBusinessEdge provides a basic description of the problem.

This wikipedia entry goes into much more detail and it's only provided here for additional information.

My favorite techie is Leo Laporte.  I've been watching his podcasts for many years.  I find that he provides understandable information on a variety of technology-related subjects.  His latest issue of The Tech Guy once again mentions this uPnP problem.  He talks to Steve Gibson about 2:20 into the show.

A much more detailed discussion of this flaw can be found in this episode of Security Now, also a Leo Laporte production.  Steve Gibson does a good job describing what and how uPnP works and how hackers can take advantage of it.  I think the first 35 minutes should give you the necessary information.

Lastly, Steve Gibson has a web site called GRC.com wherein he provides much information regarding the security issues surrounding the pc and networking.  His page called "ShieldsUP!" provides a test to determine if your router is vulnerable to the uPnP exploit.  Click on the "proceed" button to begin, then click on the orange exposure test button to determine if your router has uPnP turned on.  A results page is then shown.  If your test resulted in -

THE EQUIPMENT AT THE TARGET IP ADDRESS
DID NOT RESPOND TO OUR UPnP PROBES!

then you passed!  There are many links on this results page; you might want to visit some of them.

Have fun!