
Top Story: 6.1 million connected devices have a serious security flaw


There are always going to be security flaws in our electronics. No programmer can think of every type of attack, and hackers are devious at finding new angles. However, you would hope that once a flaw turned up it would at least be fixed, but that's not always the case.

Trend Micro is bringing back to light a flaw that's been known since 2012. In fact, we've written about it on the site several times. It's a problem in the Portable SDK, or libupnp component, of the Universal Plug and Play standard found in some routers, smart TVs, other networked gear and several hundred mobile apps. Essentially, the flaw lets a hacker take over whatever gadget is running the flawed component.

The programmers behind the UPnP standard actually fixed the problem right away. However, many people have older technology that includes it, or manufacturers didn't update their firmware before releasing new models. In fact, just this April we learned that routers were still shipping with the flaw.

Find out how to spot vulnerable gadgets in your home and how to stay safe.

Now Trend Micro is finding that at least 300 apps in the Google Play store include the outdated version of the standard. The biggest one is QQMusic, which is in use by 100 million people in China. However, Tencent, the developer, is updating now that it knows it's using an outdated version.

Initially, Trend Micro thought the Netflix app was also affected. While the app does use an older version of UPnP to take advantage of code that isn't in the new version, it fixed the flaw on its own.

According to Trend Micro, here are some apps it knows are vulnerable and has actually tested:

| Common Name | Package Name |
| --- | --- |
| AirSmartPlayer | com.gk.airsmart.main |
| Big2Small | com.alitech.dvbtoip |
| CameraAccess plus | jp.co.pixela.cameraaccessplus |
| G-MScreen | mktvsmart.screen |
| HexLink Remote (TV client) | hihex.sbrc.services |
| HexLink-SmartTV remote control | com.hihex.hexlink |
| Hisense Android TV Remote | com.hisense.commonremote |
| nScreen Mirroring for Samsung | com.ht.nscreen.mirroring |
| Ooredoo TV Oman | com.ooredootv.ooredoo |
| PictPrint – WiFi Print App – | jp.co.tandem.pictprint |
| Mozaic GO | qa.MozaicGO.Android |
| QQMusic | com.tencent.qqmusic |
| QQ音乐HD | com.tencent.qqmusicpad |
| Smart TV Remote | com.hisense.common |
| Wifi Entertainment | com.infogo.entertainment.wifi |
| モバイルTV(StationTV) | jp.pixela.px01.stationtv.localtuner.full.app |
| 에브리온TV (무료 실시간 TV) | com.everyontv |
| 多屏看看 | com.letv.smartControl |
| 海信分享 | com.hisense.hishare.hall |

If you have one of these apps on your phone, it's a good idea to remove it, or see if there's an update.

Source: ZDNet