Pinterest Stumbleupon Whatsapp
Ads by Google

what is upnpTechnology in the computer age has been plagued with unsecured features, security loopholes, and general oversights in software architecture. Flash drives can carry keyloggers Don't Fall Victim to Keyloggers: Use These Important Anti-Keylogger Tools Don't Fall Victim to Keyloggers: Use These Important Anti-Keylogger Tools In cases of online identity theft, keyloggers play one of the most important roles in the actual act of stealing. If you’ve ever had an online account stolen from you - whether it was for... Read More . Browsers might have open backdoors. Windows constantly updates with security fixes 3 Reasons Why You Should Be Running The Latest Windows Security Patches & Updates 3 Reasons Why You Should Be Running The Latest Windows Security Patches & Updates The code that makes up the Windows operating system contains security loop holes, errors, incompatibilities, or outdated software elements. In short, Windows isn't perfect, we all know that. Security patches and updates fix the vulnerabilities... Read More . We have to take the good with the bad and there doesn’t seem to be an end in sight.

Universal Plug and Play (UPnP) is one technological advancement that, too, comes with its share of drawbacks. It’s a technology of convenience but that convenience can leave your system vulnerable to certain problems if you don’t keep an eye on it. Keep reading to learn what UPnP is and how it can be dangerous for the safety of your network.

What Is Universal Plug & Play?

In technical terms, UPnP is a networking protocol (or actually, a set of networking protocols). These protocols outline a specific communication method that devices of all sorts can use to immediately communicate with one another on a network. For the most part, it’s used by devices to discover other devices on that particular network. UPnP is so common nowadays that I’d be surprised if you’ve never used it.

what is upnp

Still confused about what it is? Think of a printer. The first step is to physically connect it to your network (though nowadays it can be done through WiFi sometimes). In the past, you’d have to manually search for it and set it up so that other devices on the network could find that printer. Today, though, it happens automatically thanks to UPnP.

Once connected, devices on the network can continue to communicate with one another by sending and receiving data. Computers can tell printers to print documents How To Keep Printing Costs As Low As Possible How To Keep Printing Costs As Low As Possible Let's get this straight - printing emails and documents is primeval! Not only does it cost money, it also wastes resources, storage space, and time. In fact, half of all pages printed are never used!... Read More . Media centers can transmit audio data. Mobile devices can mount themselves onto computers. The possibilities are endless.

Ads by Google

Hence the term “plug and play”. You plug in the device and you can immediately start playing it without having to wade through setup and configuration nightmares. It’s one of the most convenient networking technologies today, in my opinion. UPnP is mostly used on residential networks as opposed to business networks.

The Danger Of UPnP

what is upnp device

UPnP actually went under fire over a decade ago for a number of security vulnerabilities. Back then, the FBI suggested that users disable their UPnP settings in order to minimize their risks of damage. It’s happening again, though the specific flaw itself is different this time around.

What exactly is the problem with UPnP? Well, there are two main flaws that have come under attack recently:

  • Programming Errors – there are oversights in the actual code for UPnP implementations that can be exploited by malicious users, allowing them to execute harmful code through injection.
  • Unintended Exposure – the purpose of UPnP is to make devices on a network easily discoverable by other devices on that network. Unfortunately some UPnP control interfaces can be exposed to the public Internet, allowing malicious users to find and gain access to your private devices.

Just a few weeks ago, the U.S. Department of Homeland Security recommended that all users disable the protocol due to these glaring security holes. The flaws have rendered approximately 40 million devices around the world vulnerable to hacker infiltration. Quite an unsettling thought.

what is upnp

But don’t panic yet because there’s a silver lining to all of this: these flaws mostly affect older devices, but even they can be patched without needing to purchase new hardware.

Most UPnP implementations use an open source solution called lilupnp; technically, any device that uses a lilupnp version prior to 1.6.18 will be vulnerable to this threat. However, since most manufacturers don’t disclose that information to regular users, you’ll need to wait until your device manufacturers release updates that address these problems. Until those patches roll out, you can completely prevent the issue by disabling UPnP on all of your devices.

There are so many devices that utilize UPnP and so many manufacturers for each type of device that I couldn’t possible cover disabling instructions for all of them here, so I recommend that you run a Google search for your device and include the phrase “disable UPnP” in your search query. If that doesn’t lead you to an answer, try asking MUO Answers answers answers Read More .

Conclusions

As far as security flaws go, this is one of the easier ones to deal with. A lot of times, you’d have to scramble for patch fixes or avoid using the Internet or reboot into Safe Mode and purge your system of an infection. For this one, all you have to do is disable the feature and you’ll be safe for a long while.

Image Credits: Network Devices Via Shutterstock, Printer Via Shutterstock, Computer Security Via Shutterstock, Locked Router Via Shutterstock

  1. Krzysztof Buzko
    March 21, 2013 at 8:56 pm

    Good to know.

  2. Chris Marcoe
    March 21, 2013 at 5:22 pm

    So, the problem isn't really intrinsic to UPnP. Its just that the implementation doesn't have good security? Is this correct?

    • Aibek Esengulov
      March 22, 2013 at 6:14 am

      yes

  3. Onaje Asheber
    March 21, 2013 at 4:02 pm

    Great Info... I'll share!

  4. David Breeden
    March 21, 2013 at 1:44 pm

    Steve Gibson (www.grc.com) has some good advice on the subject, plus other small programs to check the security of your computer setup. I have used his work for several years.

    • David Breeden
      March 21, 2013 at 1:48 pm

      https://www.grc.com/unpnp/unpnp.htm is a program which checks and disables UPnP call unplug and pray.

    • Joel Lee
      March 22, 2013 at 3:49 pm

      Seems pretty useful. Thanks for sharing!

  5. Scott M
    March 21, 2013 at 11:04 am

    Always be alert with every tool that is used on your system.Someone is always seeking a new exploit and it pays to be extra vigilant..

  6. Noman Fayez
    March 21, 2013 at 10:56 am

    UPnP should be disable.... your right.

  7. jamie oneill
    March 21, 2013 at 2:00 am

    So is using it on utorrent or xbox live a risk? Sorry, im not v. tech savvy :-p

    • Aibek Esengulov
      March 22, 2013 at 6:12 am

      I don't think it applies to Utorrent (if you're referring to a torrent client) because they are not really related. Utorrent is a torrent client that downloads files to the device it's running on, it doesn't use UPnP.

  8. Kirby
    March 21, 2013 at 1:18 am

    Better use the old fashion method in setting up new devices if that's the case.
    Thanks for the article.

    Could you give instances how this happened and what damages, if any, were done?

    • Joel Lee
      March 22, 2013 at 3:49 pm

      I have not been able to find any reliable sources for occurrences of this recent vulnerability. Sorry!

    • Kirby
      March 25, 2013 at 2:35 am

      It's ok. I'll turn my UPnP on and findout what happens then I could share it with you ^^.

      If you happen to find out occurences of these please do share with us. Thank you.

  9. dragonmouth
    March 20, 2013 at 11:26 pm

    Does this apply to all O/Ss or just Windows?

    • Joel Lee
      March 22, 2013 at 3:48 pm

      I believe the problem is with the devices themselves. If they can communicate with one another, the vulnerability is probably there independent of the computer's OS.

Leave a Reply

Your email address will not be published. Required fields are marked *