UPnP or universal plug and play is a protocol that enables quick network connectivity between devices and users through routers serving the local area network (LAN).
Starting in the 1990s, users got their first taste of automatic connections between devices within a network. UPnP made connecting devices out-of-the-box easy and fast thus reducing time spent on maintenance or onboarding of new systems. As a convenient feature for consumers, UPnP’s success has led to router manufacturers pre-configuring UPnP upon purchase.
The most popular use cases for UPnP-enabled devices include:
- Sharing content over a multimedia device
- Streaming video using internet TV devices
- Wireless home automation like IoT devices
- Remote home surveillance
This article looks at why UPnP is important, the security ramifications for enabling or disabling the protocol, and how the UPnP protocol works.
Why is UPnP Important?
In the early days of networking, administrators had to manually configure all new devices to the host network. Be it a new phone, printer, or server, devices were not built with the ability to connect to other devices or resources without explicit programming.
In a network with multiple internet-connected devices, the ease of opening a new device and connecting directly to resources, including other devices is a humongous draw for consumers. Like other advancements, UPnP gives users with less technical experience the ability to quickly deploy and use other devices.
Is UPnP Secure?
When UPnP arrived, industry experts were optimistic about its boost to home and LAN networks. Everything outside this network, known as the wide-area network (WAN) ideally wouldn’t have access to LAN resources unless otherwise granted.
Today, router manufacturers at large enable UPnP and the result to ease the discovery of publicly available networks and devices. Threat actors with the right skills can target the LAN and appear like a normal device such as an Xbox or smart TV trying to connect. Without suspecting it, the user could be granting access to their network of UPnP device resources.
Once inside, hackers can install malware, leak sensitive information, or use the router as a cover or proxy for conducting other cybercriminal activities. Though this is a problem, UPnP is still widely implemented by consumers so vendors leave the decision of disabling UPnP to the end-user.
Should I Disable UPnP?
Because UPnP can provide access to a range of devices outside the network, there is an inherent risk with use and many users choose to disable the feature.
This depends on the type and size of the network. For a healthcare organization working with patient data, extensive use of UPnP wouldn’t be feasible. Alternatively, coffee shop owners might prefer their public network to be easy to set up or change on the fly.
To protect against UPnP vulnerabilities, consistently update device firmware. Unless UPnP is necessary, consider disabling the feature. Know that without UPnP, your router will ignore automatic requests from new devices. This will create more hassle for the network admin, but the benefit is reduced risk of compromise.
How It Works: The UPnP Stack
The UPnP protocol is set within the router’s controls and works to manage UPnP devices entering the network. Here is the route UPnP capable devices take:
- Addressing: the process of requesting an IP address from the DHCP server
- Discovery: message sent to network devices requesting services
- Description: network devices offer descriptions of themselves
- Control: devices can make SOAP requests for services to the control URL
- Eventing: devices that share variables can subscribe to active changes made
- Presentation: the user interface where clients can access device capabilities
In less technical terms, UPnP capable devices collect an IP address, and then it’s off to the races. New devices communicate with network devices and can proceed to exchange data with other UPnP users on a client’s behalf.