Millions of Smart TVs, Phones and Routers At Risk From Old Vulnerability

itwbennett writes: Adding fuel to the growing concern over how manufacturers of devices such as routers and smart TVs deal with security vulnerabilities that emerge in their products, Trend Micro found that a 3-year-old vulnerability in a software component used in millions of smart TVs, routers and phones still hasn't been patched by many vendors. Although a patch was issued for the component in December 2012, Trend Micro found 547 apps that use an older unpatched version of it, wrote Veo Zhang, a mobile threats analyst on the Trend Micro blog. 'These are very popular apps that put millions of users in danger; aside from mobile devices, routers, and smart TVs are all at risk as well,' he wrote.

libupnp vulnerability

[ginoledesma]

Summary doesn't mention this, but the vulnerability is in libupnp that is used by most of these mobile apps.

Re:Apologists unite!

[gstoddart]

Well ... let's see ... first you could have a vulnerable cable modem your ISP gave you ... and a lot of people might not have a firewall behind that and connect directly to it. Hell, you could even have a modem from your ISP which does the wifi you use in your house.

The level of network security in most households probably means that the number of people who could easily have devices exploitable by this is likely not small.

The problem is that consumer adoption of the "internet of stuff" is growing FAR faster than the quality of security they have. Many people simply won't even know they're at risk, because they just took it out of the box and did the easiest bit of configuration.