What is UPnP
Universal Plug and Play (UPnP) is a networking protocol that allows network-connected devices to discover each other and to communicate automatically using a "plug-and-play" technology.
Why is UPnP a security risk?
UPnP is enabled by default on many devices, such as home broadband routers. Most devices do not use authentication or it is off by default, and as such have become a target for malware and hackers. A UPnP capable device can be attached to a network and will automatically announce its presence, obtain an IP address and broadcast its functions while learning about other devices on the network.
A UPnP device can be remotely accessed or modified. Instructions can be sent to it without requiring the owners permission. Instructions such as opening a hole in your firewall (as used by the Xbox for online gaming).
What is the recommendation?
If possible turn off UPnP or replace the device with one that allows UPnP to be disabled.
If you have any feedback regarding this article, or you have a suggestion for a new article, or just want to say thanks for the info then feel free to drop me an email at firstname.lastname@example.org.
Article date: 14th July 2013