The fun with hacking UPnP-enabled devices has just begun. We started our exploration of the UPnP field earlier this year with some smoking posts which covered some basic attacks and the advanced Flash attacks. Today I stumbled across Google Media Server, a desktop gadget which allows you to share all your laptop/desktop media content with all other devices you may have locally, such as your phone, Xbox, TV and, I suspect, your fridge. And all that via UPnP. That, I like very much.

Who had fun this past weekend?

I guess I will repeat myself, but I will say it one more time: UPnP does not have any mechanisms for authenticating with your devices. Therefore, anyone can mess with your media. Good that Google has implemented some kind of IP/MAC-based lockout feature in the Media Server but, as you understand, these checks are insufficient.

Do not use Media Server on your home WiFi network or your corporate laptops unless you are completely aware of the risks involved.