An IT security firm suggests that the security of millions of smart TVs, routers, mobile apps and smartphones are threatened due to an old vulnerability.
Global IT security firm Trend Micro reports that a three-year-old vulnerability in a software component used by electronic gadget vendors is at risk.
"The vulnerabilities exist in the Portable SDK for UPnP Devices, also called libupnp. This particular library is used to implement media playback (DLNA) or NAT traversal (UPnP IGD). Apps on a smartphone can use these features to play media files or connect to other devices within a user's home network," says mobile threats analyst Veo Zhang.
Analysts suggest that an attacker can exploit the vulnerability and take control of an affected device.
According to Zhang, these susceptibilities were fixed back in December 2012 but many apps are still using older version of the SDK. Zhang and his team discovered 547 apps which used older types of libupnp. Some 326 of these apps are also available on the Google Play store. The most high-profile apps include Netflix and Tencent QQMusic.
The report suggests that some apps, which are still using older version of the vulnerable SDK, are quite popular and are used by millions of people worldwide. QQMusic has more than 100 million users in China. According to the Google Play Store, the number of downloads for QQMusic is between one to five million. The app uses an SDK that dates back to April 2012. Zhang adds that not only mobile devices but smart TVs and routers are also threatened by the issue.
Tencent has already been notified of the issue and it has taken necessary steps to fix the vulnerability. However, Zhang notes that even though several companies have identified and fixed the software vulnerability, about 6.1 million devices are still at risk.
Photo: Yuri Samoilov | Flickr