Re: UPnP is a red herring in this thread @fidodogbreath
You have a point, but to be hacked, you need a vector to get to one of these devices.
If they are snug and secure behind a firewall (even one in a consumer grade DSL router), it will not be possible to even get to the device to attack it, regardless of how easy it is to hack. The reason why UPnP is being mentioned so much is that it is commonly used to expose the services of this type of device to the internet through a firewall.
Unless you can show that the devices were either on an un-firewalled network or directly connected to the Internet, you're going to have to come up with a way that the attacker could initially get to the device to hack it other than UPnP. Until you do, that is still going to be the most likely culprit.
Whether you like it or not, UPnP is a way for undisciplined devices to expose themselves. It's just a flawed service, and many knowledgeable people agree.
Biting the hand that feeds IT
