Cebolla Posted June 19, 2020 Share Posted June 19, 2020 Case in point - what UPnP/DLNA streamer manufacturers have checked and (where required) updated their devices to comply with the recently updated OCF UPnP Device Architecture 2.0 specification, to avoid the CallStranger vulnerability? We are far more united and have far more in common with each other than things that divide us. -- Jo Cox Link to comment
Cebolla Posted June 26, 2020 Share Posted June 26, 2020 1 hour ago, wklie said: I need more time to look into the potential impact, if any, but If I'm not mistaken, typical streamers are not internet-facing in the context of the CallStranger. Our streamers cannot be accessed or controlled over the internet except via Spotify Connect. I don't believe it is much if anything to do with being directly accessed or controlled over the internet and more about the possibility of rogue UPnP control points on the same network subscribing to the streamer's UPnP events with callback delivery URLs not on the same network that could well be attack targets on the internet. So the UPnP Device Architecture spec change explicitly gets the streamer to actively check subscriber UPnP event URLs and reject any as appropriate. We are far more united and have far more in common with each other than things that divide us. -- Jo Cox Link to comment
Cebolla Posted July 8, 2020 Share Posted July 8, 2020 On 6/19/2020 at 10:42 AM, FIndingit said: Manufacturers of audio equipment never mention much about information security. They should, right? At least to show us they have thought about it. You can definitely use Lumin to start a list of those streamer / network music player manufacturers that not only show they've thought about security, but also care about it too! We are far more united and have far more in common with each other than things that divide us. -- Jo Cox Link to comment
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now