Universal Plug and Play (UPnP) was marked as a significant technological advance. But, it comes with its share of drawbacks that might leave your systems vulnerable to potential cyber-attacks. In fact, it is enabled by default on millions of routers. This article will discuss what UPnP is and the risks it poses to your network’s security.
Technology in the computer age has been plagued with unsecured features, security loopholes, and general oversights in software architecture. Flash drives can carry keyloggers. Browsers might have open backdoors. Windows constantly updates with security fixes. We have to take the good with the bad and there doesn’t seem to be an end in sight.
Keep reading to learn what UPnP is and how it can be dangerous for the safety of your network.
What Is Universal Plug & Play?
In technical terms, UPnP is a networking protocol (or actually, a set of networking protocols). These protocols outline a specific communication method that devices of all sorts can use to immediately communicate with one another on a network. For the most part, it is used by devices to discover other devices on that particular network. UPnP is so common nowadays that I’d be surprised if you have never used it.
Still confused about what it is? Think of a printer. The first step is to physically connect it to your network (though nowadays it can be done through WiFi sometimes). In the past, you would have to manually search for it and set it up so that other devices on the network could find that printer. Today, though, it happens automatically thanks to UPnP.
Once connected, devices on the network can continue to communicate with one another by sending and receiving data. Computers can tell printers to print documents. Media centers can transmit audio data. Mobile devices can mount themselves onto computers. The possibilities are endless.
Hence the term “plug and play”. You plug in the device and you can immediately start playing it without having to wade through setup and configuration nightmares. It is one of the most convenient networking technologies today, in my opinion. UPnP is mostly used on residential networks as opposed to business networks.
What Does UPnP Do?
If the above definition seemed a bit complex, then let us use a printer as an example. In an office setup, the first step would be to connect it physically to the network router – even though you can do it via Wi-Fi today. In the past, you would have to search for the printer manually and then set it up so that other devices within the network can find the printer. Today, however, this process happens automatically thanks to Universal Plug and Play.
Once they are connected, the devices on that network will continue communicating with each other by receiving and sending data. As such, a computer can instruct the printer to print documents; a media center can transmit audio data, while mobile devices can mount themselves onto the computer. The possibilities are endless.
This is why it is called plug and play. You plug in a device and can start playing it right away without having to go through the hassles of setting up and configuring the connection. This makes it one of the most convenient networking technologies that are available to us.
However, UPnP technology has serious security flaws.
For instance, if a computer or some other device connected to the router exploited, the attacker may gain remote control of all devices and security systems. Thus, allowing access to your passwords and access all the other devices that are connected to the network. Additionally, once a device has been compromised, it can be utilized as part of a botnet to issue DDoS (distributed denial of service) campaigns to take down sites while hiding the attacker’s location. It might also provide them with a starting point for other attacks.
Some of the most significant cyber-crimes in recent history have leveraged internet-based devices to launch major DDoS attacks.
With more and more devices utilizing this technology to get connected to the internet, they are the ideal targets for hackers who have to accumulate devices so that they can overwhelm a business network.
The Danger Of UPnP
UPnP actually went under fire over a decade ago for a number of security vulnerabilities. Back then, the FBI suggested that users disable their UPnP settings in order to minimize their risks of damage. It’s happening again, though the specific flaw itself is different this time around.
What exactly is the problem with UPnP? Well, there are two main flaws that have come under attack recently:
- Programming Errors – there are oversights in the actual code for UPnP implementations that can be exploited by malicious users, allowing them to execute harmful code through injection.
- Unintended Exposure – the purpose of UPnP is to make devices on a network easily discoverable by other devices on that network. Unfortunately some UPnP control interfaces can be exposed to the public Internet, allowing malicious users to find and gain access to your private devices.
Just a few weeks ago, the U.S. Department of Homeland Security recommended that all users disable the protocol due to these glaring security holes. The flaws have rendered approximately 40 million devices around the world vulnerable to hacker infiltration. Quite an unsettling thought.
But don’t panic yet because there’s a silver lining to all of this: these flaws mostly affect older devices, but even they can be patched without needing to purchase new hardware.
Most UPnP implementations use an open source solution called lilupnp; technically, any device that uses a lilupnp version prior to 1.6.18 will be vulnerable to this threat. However, since most manufacturers don’t disclose that information to regular users, you’ll need to wait until your device manufacturers release updates that address these problems. Until those patches roll out, you can completely prevent the issue by disabling UPnP on all of your devices.
There are so many devices that utilize UPnP and so many manufacturers for each type of device that I couldn’t possible cover disabling instructions for all of them here, so I recommend that you run a Google search for your device and include the phrase “disable UPnP” in your search query.
As far as security flaws go, this is one of the easier ones to deal with. A lot of times, you would have to scramble for patch fixes or avoid using the Internet or reboot into Safe Mode and purge your system of an infection. For this one, all you have to do is disable the feature and you’ll be safe for a long while.