What is UPnP or Universal Plug and Play?

Setting up digital devices has never been easier. It seems as though everyone, even the technology illiterate, can set up something like a printer. A lot of this has to do with UPnP or Universal Plug and Play. You may notice once you turn on your Wi-Fi printer (or any capable device), your computer, tablet, smart home assistant or smartphone can detect it. UPnP is a set of networking protocols that allow devices to discover one another automatically. This article will go into detail about what exactly UPnP is, and also discuss its advantages and disadvantages.

What is UPnP?

The term “plug and play” refers to how your device (after being plugged in) can instantly discover other devices on the network without the need to go through setup and configuration settings. UPnP is a set of protocols that outline a method of communication that allows devices to easily and instantaneously communicate with one another. Before UPnP, users would have to manually search for devices on the network and set it up that way. Once connected, the devices can continue to communicate with each other. But how does UPnP work? What exactly is happening here?

For the user, it’s as simple as plug and play, but there is a lot that goes on in this protocol. The device joins the network, grabs an IP address, grabs a name and appears under that name on the network, and reaches out to other devices on the network and then communicates with it. Without you even knowing it, all of these steps are being performed through the UPnP protocol.

An IP address isn’t necessary for a UPnP. Many Internet of Things or IoT devices can communicate over Bluetooth or Radio Frequency Identification.

How to Enable UPnP?

Most devices will come with the UPnP already enabled and ready to go. But if you need to do it manually or if you just want to make sure it’s enabled, follow these steps.

If you are on a Windows desktop, first click on the Start button on the bottom left of your screen (it will look like the Windows logo).

Next, click on the Control Panel Tab. Here you will be able to adjust your computer’s settings. Click on the Network and Sharing Center icon. On the top left of the screen, click on Change Advanced Sharing Settings.

Under the Network Discovery section, make sure the Turn on Network Discovery button is enabled. Once you have done this, click on the Save Changes button on the bottom of the screen. Once you have restarted your computer, your UPnP will start automatically.

What are the Security Risks of Universal Plug and Play?

Although UPnP has made our lives easier when it comes to connecting devices, the technology comes with security risks. The main problem with UPnP is that it does not authenticate. This means that it automatically assumes that every device trying to connect to the network is trusted and friendly. If a hacker or any type of malware exploiting the system compromises a computer, the rest of the network is instantly vulnerable.

Some of these problems can be due to poor implementation. Routers can also be blamed for these risks as well. Some older routers are more vulnerable, missing the appropriate security processes that determine if the connections are trusted and friendly.

Users should also check their router settings to make sure the setting configuration has their network as secure as possible. Most routers will come with a manual to help you set up a secure network.

History of UPnP Troubles

For quite some time now, there has been an understood idea for the risks involving UPnP. In 2001, the FBI’s National Infrastructure Protection Center recommended all users to disable UPnP due to a buffer overflow in Windows XP. Since then the NIPC issued a correction for the advice stating that it wasn’t a problem with the UPnP.

One of the significant risks is known as a Flash UPnP Attack. This specific attack on networks was first noticed in 2008. A Flash applet runs on specific websites while you are browsing the web. The applet can send UPnP requests to your router and asks it to forward ports. Once the router sends this information, there is a chance your network could be vulnerable to the entire Internet.

Some routers (with less security) could have even more problems. The Flash attack could change the primary DNS server with a UPnP request. A malicious server could redirect traffic to other websites. Also, if it looks like you are a site you regular, for example, Google.com, you could be on a site attacking your system and network.

Newer way hackers are taking advantage of UPnP is called QakBot or QB. This bot installs a key logger and sends banking credentials to remote Command and Control servers, enabling them to steal users’ passwords and credit card numbers. This method is hard for IT security to spot and trace, which makes it even more dangerous for UPnP users.

Some of this could be fixed by using a Firewall on your computer, but it doesn’t completely solve the problem. There is still a problem with the UPnP protocol, and many old routers are susceptible.

Conclusion

The Universal Plug and Play protocol have made users’ lives easier by making connectivity instantaneous and almost automatic. Although this has been convenient, the downsides have put user’s network security vulnerable to attacks. If you don’t use applications that require port forwarding, such as peer-to-peer apps, game servers, specific VoIP programs, you can potentially save yourself the worry by merely disabling UPnP altogether. You can still forward ports without it, but it will be more work. Disabling UPnP will differ from router to router, but it should be easy to find within the manual. Whether you decide to have your UPnP enabled or disabled is up to you, but be wary of the implications of this convenience.