Technology Explained

What Is UPnP & Why Is It Dangerous?

Joel Lee 20-03-2013

Technology in the computer age has been plagued with unsecured features, security loopholes, and general oversights in software architecture. Flash drives can carry keyloggers Don't Fall Victim to Keyloggers: Use These Important Anti-Keylogger Tools In cases of online identity theft, keyloggers play one of the most important roles in the actual act of stealing. If you’ve ever had an online account stolen from you - whether it was for... Read More . Browsers might have open backdoors. Windows constantly updates with security fixes 3 Reasons Why You Should Be Running The Latest Windows Security Patches & Updates The code that makes up the Windows operating system contains security loop holes, errors, incompatibilities, or outdated software elements. In short, Windows isn't perfect, we all know that. Security patches and updates fix the vulnerabilities... Read More . We have to take the good with the bad and there doesn’t seem to be an end in sight.


Universal Plug and Play (UPnP) is one technological advancement that, too, comes with its share of drawbacks. It’s a technology of convenience but that convenience can leave your system vulnerable to certain problems if you don’t keep an eye on it. Keep reading to learn what UPnP is and how it can be dangerous for the safety of your network.

What Is Universal Plug & Play?

In technical terms, UPnP is a networking protocol (or actually, a set of networking protocols). These protocols outline a specific communication method that devices of all sorts can use to immediately communicate with one another on a network. For the most part, it’s used by devices to discover other devices on that particular network. UPnP is so common nowadays that I’d be surprised if you’ve never used it.

what is upnp

Still confused about what it is? Think of a printer. The first step is to physically connect it to your network (though nowadays it can be done through WiFi sometimes). In the past, you’d have to manually search for it and set it up so that other devices on the network could find that printer. Today, though, it happens automatically thanks to UPnP.

Once connected, devices on the network can continue to communicate with one another by sending and receiving data. Computers can tell printers to print documents How To Keep Printing Costs As Low As Possible Let's get this straight - printing emails and documents is primeval! Not only does it cost money, it also wastes resources, storage space, and time. In fact, half of all pages printed are never used!... Read More . Media centers can transmit audio data. Mobile devices can mount themselves onto computers. The possibilities are endless.


Hence the term “plug and play”. You plug in the device and you can immediately start playing it without having to wade through setup and configuration nightmares. It’s one of the most convenient networking technologies today, in my opinion. UPnP is mostly used on residential networks as opposed to business networks.

The Danger Of UPnP

what is upnp device

UPnP actually went under fire over a decade ago for a number of security vulnerabilities. Back then, the FBI suggested that users disable their UPnP settings 5 Tips for Securing Your Smart Devices and IoT Devices Smart home hardware is part of the Internet of Things, but how safe is your network with these devices connected? Read More in order to minimize their risks of damage. It’s happening again, though the specific flaw itself is different this time around.

What exactly is the problem with UPnP? Well, there are two main flaws that have come under attack recently:

  • Programming Errors – there are oversights in the actual code for UPnP implementations that can be exploited by malicious users, allowing them to execute harmful code through injection.
  • Unintended Exposure – the purpose of UPnP is to make devices on a network easily discoverable by other devices on that network. Unfortunately some UPnP control interfaces can be exposed to the public Internet, allowing malicious users to find and gain access to your private devices.

Just a few weeks ago, the U.S. Department of Homeland Security recommended that all users disable the protocol due to these glaring security holes. The flaws have rendered approximately 40 million devices around the world vulnerable to hacker infiltration. Quite an unsettling thought.

what is upnp

But don’t panic yet because there’s a silver lining to all of this: these flaws mostly affect older devices, but even they can be patched without needing to purchase new hardware.

Most UPnP implementations use an open source solution called lilupnp; technically, any device that uses a lilupnp version prior to 1.6.18 will be vulnerable to this threat. However, since most manufacturers don’t disclose that information to regular users, you’ll need to wait until your device manufacturers release updates that address these problems. Until those patches roll out, you can completely prevent the issue by disabling UPnP on all of your devices.


There are so many devices that utilize UPnP and so many manufacturers for each type of device that I couldn’t possible cover disabling instructions for all of them here, so I recommend that you run a Google search for your device and include the phrase “disable UPnP” in your search query.


As far as security flaws go, this is one of the easier ones to deal with. A lot of times, you’d have to scramble for patch fixes or avoid using the Internet or reboot into Safe Mode and purge your system of an infection. For this one, all you have to do is disable the feature and you’ll be safe for a long while.

Image Credits: Network Devices Via Shutterstock, Printer Via Shutterstock, Computer Security Via Shutterstock, Locked Router Via Shutterstock

Affiliate Disclosure: By buying the products we recommend, you help keep the site alive. Read more.

Whatsapp Pinterest

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. Terresa Portal
    December 5, 2016 at 6:44 pm

    The best way I have found to protect myself from scanners is to calculate what I need to cover my expenses for the day/ week and carry cash inside of my coat or sweater and zip it up. I never keep valuables of any kind in my pants pockets or my purse. I leave my credit cards in a metal wallet at home or in the console of my car so no one can scan my cards.

    Vengefully I hold on to the credit cards that have been cancelled and put them in my back pocket when I go shopping. When the thieves steal the credit card information and try to use it they are in for one very unpleasant surprise. LOL I also open up one of the seams in my coat pocket to create a secondary pocket for my cash behind the original pocket. There is a zipper to access my money from the outside pocket but it is covered by a velcro stripped tab that runs the length of the zipper plus one inch on both ends so it cannot be easily found by any who doesn't know it is there. I sew money pouches into the sleeves of my shirt where I can too.

  2. Krzysztof Buzko
    March 21, 2013 at 8:56 pm

    Good to know.

  3. Chris Marcoe
    March 21, 2013 at 5:22 pm

    So, the problem isn't really intrinsic to UPnP. Its just that the implementation doesn't have good security? Is this correct?

    • Aibek Esengulov
      March 22, 2013 at 6:14 am


  4. Onaje Asheber
    March 21, 2013 at 4:02 pm

    Great Info... I'll share!

  5. David Breeden
    March 21, 2013 at 1:44 pm

    Steve Gibson ( has some good advice on the subject, plus other small programs to check the security of your computer setup. I have used his work for several years.

    • David Breeden
      March 21, 2013 at 1:48 pm is a program which checks and disables UPnP call unplug and pray.

      • Joel Lee
        March 22, 2013 at 3:49 pm

        Seems pretty useful. Thanks for sharing!

  6. Scott M
    March 21, 2013 at 11:04 am

    Always be alert with every tool that is used on your system.Someone is always seeking a new exploit and it pays to be extra vigilant..

  7. Noman Fayez
    March 21, 2013 at 10:56 am

    UPnP should be disable.... your right.

  8. jamie oneill
    March 21, 2013 at 2:00 am

    So is using it on utorrent or xbox live a risk? Sorry, im not v. tech savvy :-p

    • Aibek Esengulov
      March 22, 2013 at 6:12 am

      I don't think it applies to Utorrent (if you're referring to a torrent client) because they are not really related. Utorrent is a torrent client that downloads files to the device it's running on, it doesn't use UPnP.

  9. Kirby
    March 21, 2013 at 1:18 am

    Better use the old fashion method in setting up new devices if that's the case.
    Thanks for the article.

    Could you give instances how this happened and what damages, if any, were done?

    • Joel Lee
      March 22, 2013 at 3:49 pm

      I have not been able to find any reliable sources for occurrences of this recent vulnerability. Sorry!

      • Kirby
        March 25, 2013 at 2:35 am

        It's ok. I'll turn my UPnP on and findout what happens then I could share it with you ^^.

        If you happen to find out occurences of these please do share with us. Thank you.

  10. dragonmouth
    March 20, 2013 at 11:26 pm

    Does this apply to all O/Ss or just Windows?

    • Joel Lee
      March 22, 2013 at 3:48 pm

      I believe the problem is with the devices themselves. If they can communicate with one another, the vulnerability is probably there independent of the computer's OS.