UPnP security risk

UPnP, or Universal Plug and Play, allows devices that connect to networks to communicate seamlessly with one another and discover each other’s presence. – Zack Whittaker (on ZDNet)

That is not an explanation of UPnP; that is a marketing slogan. No one can relate to that. What people want to know is: do I have to shut down all my internet-connected devices now?

The short answer is no.

Some research shows that there is a threat and that it is to be taken seriously, as warned by the US Department of Homeland Security. The UPnP protocol is one of the very few protocols that could enable a hacker to bypass your gateway and enter your computer without you noticing it. The fact that most gateways don’t accept new connections from the internet doesn’t help either: your file sharing application might just do the trick as well.

What is UPnP?
Imagine all of your devices on the network speaking different languages by default. They could use English as a “connector language”, but sometimes this is not sufficient, because it doesn’t have the right words for some things. Then UPnP is used to find devices which can speak other languages as well, like Spanish, German or Dutch. As an example, the UPnP protocol is used when trying to find a printer and connect to it or when trying to find other clients using the same filesharing system on a network.

Note: UPnP has nothing to do with communication between clients and servers, like posting a tweet or visiting a website; it is only used to find other devices on a local network to communicate with. Browsing to a website does not use the UPnP protocol; printing a file does.

Why does Homeland Security warn now, when the leak has been in there for so long?
Because someone found the leak and made it public, forcing device manufacturers to upgrade their systems or deal with the responsibility that their devices are unsafe. This is something the device manufacturers couldn’t possibly have known beforehand: it is very hard to plug a hole when you don’t know whether it is there or where it is, the perfectly safe device does not exist, and the vulnerability is in a standard piece of UPnP software which is used in many devices. I am curious as to how these manufacturers are going to deal with this publication, though, because that’s the interesting part.

What should I do to keep myself safe?
(This is a bit technical) Apart from the usual “don’t click on suspicious links or open suspicious e-mails and files”, check your firewall settings and make sure your router doesn’t accept connection requests from the big dark outside. Disabling UPnP by blocking UDP port 1900 might be the safest option, but it also disables some other functionality (like the ability to connect to your printer), so be selective on that part. Want some free advice on how to do this? Leave a comment.

