The UPnP problem affects primarily consumers and small businesses, which are the primary buyers of the products. One way to prevent exposure to attackers is to find the configuration tools that ship with the device and manually disable UPnP.
A more comprehensive solution would be to have Internet service providers block the port used by UPnP to discover devices over the Internet. However, ISPs are unlikely to take such a step without pressure from customers.
On Tuesday, the U.S. Computer Emergency Readiness Team, part of the Department of Homeland Security, advised consumers and businesses to disable UPnP.
Device manufacturers have been criticized before for failing to quickly patch vulnerabilities. Makers of Android tablets and smartphones are notoriously slow at distributing updates of the Google mobile platform. As a result, Android has become a primary target for mobile malware.
Read more about network security in CSOonline's Network Security section.