Security vulnerabilities are no laughing matter, but usually, they’re relegated to specific operating systems or computers. If an entire category of devices were to suffer a security flaw, you’d have a recipe for disaster in the making.
Despite the best efforts of developers, a quick fix for security flaws can cause additional troubles for users. Microsoft’s own regular security updates tend to add just as many bugs as they fix, and this problem does not seem like it’s going away any time soon. Tap or click here to see what the latest Windows update broke.
But now, a dangerous new security flaw has been found that affects nearly every internet-of-things device on the market. Worse yet, there are no quick fixes available — and every affected device will need its own patch to be safe. Here’s what you need to know, as well as what you can do to stay safe in the meantime.
Callstranger: The sum of all fears
It’s rare to see an entire spectrum of devices affected by a single security flaw. But thanks to the universal inputs and designs that stretch across all IoT devices, it was only a matter of time before an exploit was discovered.
And that’s exactly what’s happening with Callstranger, a dangerous new security flaw found in the Universal Plug and Play protocol that comes with nearly every networked device you can buy.
UPnP is used by devices to see one another on a network, and if this system is hijacked, it can allow hackers to scan your network and potentially steal data. What’s more, it could also be used for cyberattacks like Distributed Denial of Service (DDoS), which is a common method hackers deploy to take websites off the internet.
According to the official website for the security issue, Callstranger works thanks to a defect in how the code for UPnP is written. Hackers can easily take advantage of this flaw by sending corrupted data that will open your network up to scans and hijacking.
Needless to say, potentially billions of devices could be affected — including products you have at home right now. Whether or not you’re a target, however, is another story altogether.
Am I at risk for Callstranger? What can I do?
Surprisingly, the official website for Callstranger says that the risk for home users is not as severe as it would be for corporate or enterprise users. This is because most ordinary people don’t have as much valuable data on their devices, and the products they do have lack the power and speed needed to launch additional DDoS attacks on other systems.
That said, it’s still worth taking precautions to protect your system and information. You may first want to perform a routine security check for your router to make sure no unusual intrusions have been made without your knowledge or permission. Tap or click here to see 6 ways to hacker-proof your router.
In addition, it’s also worth making sure your most valuable files are properly saved and secured. A strong cloud backup system like IDrive is the perfect fit for this issue, as it captures and stores your data away from your systems hard drive. This means even if your computer becomes compromised, you can rest assured your data is safe and sound.
As far as patches go for your individual devices, security researchers say “Don’t hold your breath.” Patches can take some time to develop, and because so many devices are affected, the people behind the Callstranger website anticipate it will be a while before all your devices are certified safe.
At this point in time, keep an eye out for any and all updates for your most frequently used devices, and consider storing less personal data on any IoT device that may be at risk. Even if the manufacturers can’t do anything now, you can take matters into your own hands and keep yourself safe.
Then again, that’s kind of always the case, isn’t it? Tap or click here to see how to give yourself a digital privacy checkup.