What is UPnP and why you must instantly disable it

by Daniel Segun February 12, 2020


Think carefully what would you choose: safety or comfort? UPnP is a great helper when you need to connect devices without losing a second – no manual actions are needed. 

Unfortunately, it is also an easy target for hackers: they can enter your network and create a complete mess. Today we’ll tell you how hackers use UPnP and what measures you can take to protect your data.

Port forwarding: definition

To define UPnP, you should first understand what port forwarding is. It’s used to create a direct connection between a server or a home device and any other remote device. For example, you are willing to connect a laptop to a home camera and be able to see what’s going on when you are away.

So how does everything work? Your devices including a home router create a single Local Area Network or LAN. Devices outside LAN including your neighbor’s computer or a website server are called the Wider Area Network or WAN.

Normally no one from the outside is able to access your LAN devices unless you grant them access via port forwarding.

What is Universal Plug and Play?

What is  UPnP

UPnP is a protocol, which allows applications and devices of the network to automatically open and close ports in order to connect to each other. For example, if you need to connect a camera to every device at home without UPnP, you’ll have to connect the camera to every device. UPnP makes the process automatic.

It has zero-configuration, which means that your home network devices don’t need manual configuration to find a new device. Devices with enabled UPnP to join the network automatically, get an IP address and connect to other devices, which makes the process simple and comfortable.

Spheres of usage

  • Keeping track of home activity. By connecting to home cameras, you can see what’s happening when you are not around;
  • Gaming. Connecting gaming consoles and streaming online games;
  • Digital home assistants;
  • Devices for smart homes like internet-controlled lighting, thermostats, and locks;
  • Streaming media server content;
  • Streaming videos using TV devices like Apple or Roku stick.

Why is UPnP dangerous?

At first, UPnP was created to work on the level of home networks. However, with time multiple router producers started enabling UPnP by default making the devices discoverable from other networks, which caused serious security issues.

Only some devices use authorization or authentication, which means that those which don’t, consider connecting devices reliable and coming from your own network. Thus, hackers may find access to your LAN and pretend to be one of the devices. They’ll simply send a UPnP request to the router and it will open the port without questions.

Once hackers access your network, they will be able to:

  • Access other network devices remotely;
  • Steal sensitive data;
  • Install harmful software;
  • Use routers as proxy and hide malicious activities in a wider net. They can also use such an approach to spread harmful software, steal data of credit cards, conduct phishing or Denial of Service attacks. When using a router as a proxy, all the attacks seem to come from you and not from a hacker.

How to protect your devices

As you see, the problem is rather serious and you need to be rather attentive to devices that you are using. Luckily, there are several measures that can protect you and your personal data.

The first one is enabling the Universal Plug and Play – User Profile or UPnP-UP. It provides authorization and authentication measures for all UPnP applications and devices. However, it is not a 100% effective method because not all devices support UPnP-UP and can still assume that devices that are trying to connect to the router are reliable.

The second, more reliable way to protect your devices and sensitive data is the disabling the UPnP for good. However, before you do, we recommend checking whether your router is a potential UPnP hacker target. 

The third method is using VPN servers like VeePN, which ensure security and fast access to literally any content. 

Before doing anything, you should approach the question seriously and decide whether you are ready to give up the comfort and spend some time setting up the devices manually. Remember that doing so means that you have enough technical background.

Related posts