Universal Plug and Play (UPnP) is something that all of us have probably come into contact with without even realizing. If you’ve ever bought a new printer and noticed that your computer, phone and tablet are all able to recognize the device automatically, you’ve lived UPnP. If you fancied playing that song from your phone a little louder by broadcasting it to Alexa or some other wireless speaker, that’s UPnP.
Often paired with another widely used acronym, IoT (Internet of Things), UPnP was designed to make communication between devices simpler and more convenient. UPnP, in short, helps to automate the process of device discovery and connectivity across a network.
However, with data breaches on the rise and a more security-conscious population, is UPnP safe? First, we need to explain briefly how it works.
How Does UPnP Work?
From the perspective of a consumer, UPnP is the simplest thing in the world. You bring home a new device, connect it to the network, and suddenly all the other devices on that network are able to communicate with it automatically. All the dirty work is done behind the scenes. If we were to break it down and look at what was actually happening, we would see the following:
- Device joins the network
- Device grabs an IP address
- Device grabs a name and appears under that name on the network
- Device reaches out to other devices on the network and communicates
It’s important to note that an IP address is not a prerequisite for UPnP, as many Internet of Things devices (such as smart light bulbs and smart coffee machines) can communicate over Bluetooth or Radio Frequency Identification (RFID).
The Danger of UPnP
Many claim that UPnP is insecure by design. It is a protocol designed to automatically open ports in a firewall and allow an outsider to access a server hosted on a local machine that the firewall protects.
This can be compared to fixing an industrial lock onto a door guarding all your valuable items and leaving the key in the lock for anyone to use.
In that sense, UPnP effectively makes firewalls useless. Any trojan, for example, could set up a listening IRC server, RAT server or something equally malicious and request that the firewall open the port. All in all, not ideal.
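One way to see what UPnP has opened is to read the router's port-mapping table and compare it with what you expect. The following added example (not from the original article) parses replies to the Internet Gateway Device `GetGenericPortMappingEntry` action and flags mappings that are unexpected or never expire; the SOAP replies, addresses, ports and allowlist are constructed sample data.

```python
import xml.etree.ElementTree as ET

# Constructed reply to GetGenericPortMappingEntry (WANIPConnection:1 service).
TEMPLATE = (
    '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>'
    '<u:GetGenericPortMappingEntryResponse xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">'
    '<NewRemoteHost></NewRemoteHost><NewExternalPort>{ext}</NewExternalPort>'
    '<NewProtocol>{proto}</NewProtocol><NewInternalPort>{ext}</NewInternalPort>'
    '<NewInternalClient>{client}</NewInternalClient><NewEnabled>1</NewEnabled>'
    '<NewPortMappingDescription></NewPortMappingDescription>'
    '<NewLeaseDuration>{lease}</NewLeaseDuration>'
    '</u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>'
)
# Constructed sample data: three mappings as a home router might report them.
SAMPLE_REPLIES = [
    TEMPLATE.format(ext=32400, proto="TCP", client="192.168.1.20", lease=3600),
    TEMPLATE.format(ext=6667, proto="TCP", client="192.168.1.57", lease=0),
    TEMPLATE.format(ext=3074, proto="UDP", client="192.168.1.30", lease=7200),
]
# Assumption: what the owner expects, as (internal client, external port, protocol).
EXPECTED = {("192.168.1.20", 32400, "TCP"), ("192.168.1.30", 3074, "UDP")}

def parse_mapping(soap_xml):
    """Turn one SOAP reply into a dict describing the port mapping."""
    root = ET.fromstring(soap_xml)
    f = {el.tag: (el.text or "") for el in root.iter() if el.tag.startswith("New")}
    return {
        "client": f["NewInternalClient"],
        "ext_port": int(f["NewExternalPort"]),
        "proto": f["NewProtocol"].upper(),
        "enabled": f["NewEnabled"] == "1",
        "lease": int(f["NewLeaseDuration"]),
    }

def audit(replies, expected):
    """Return (mapping, reasons) for each enabled mapping that needs review."""
    findings = []
    for m in map(parse_mapping, replies):
        reasons = []
        if (m["client"], m["ext_port"], m["proto"]) not in expected:
            reasons.append("not in expected list")
        if m["lease"] == 0:  # a lease of 0 is a static mapping that never expires
            reasons.append("permanent lease")
        if m["enabled"] and reasons:
            findings.append((m, reasons))
    return findings

if __name__ == "__main__":
    for m, why in audit(SAMPLE_REPLIES, EXPECTED):
        print(m["proto"], m["ext_port"], "->", m["client"], "|", ", ".join(why))
```

Run against the sample data, only the TCP 6667 mapping to 192.168.1.57 is reported, because it is both absent from the expected list and permanent.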
Are the Concerns Over UPnP Security Legitimate?
Whilst it is usually recommended that you disable UPnP on your router (as many do out of principle), some have questioned whether this is necessary. When UPnP first came onto the scene in 2011, there were some glaring implementation issues that allowed routers to be configured from the internet. This meant that anyone could open any port on them. Over the last decade, however, the software vulnerabilities in the routers have been patched numerous times with security in mind.
UPnP, therefore, is not inherently dangerous if your router is up to date and has all the latest firmware updates, and your connected devices are free of malware. UPnP becomes an issue if a connected device is infected with malware, as it can spread to your local devices. However, if this is the case, most malware doesn’t need UPnP to be enabled to do this in the first place.
So, What Can You Do?
You can disable UPnP on your router if you want peace of mind. However, most of the time, if an attacker wants to get inside your network and cause havoc, they don’t need UPnP to do it. In fact, cyber-attacks are so commonplace now, it’s not a matter of if it will happen to you, it’s a matter of when.
Many IT teams and tech-conscious people hate the idea of having to admit defeat to cyber-attackers. But the sad truth of the matter is that the attackers will always be able to navigate the security defences.
So, what can you do?
You can keep an eye on what the attackers are after in the first place: the data. Monitor interactions with data using User and Entity Behavior Analytics software that can detect anomalies and report on changes being made to critical files and folders, including copy events.