Technology in the digital age is plagued by security loopholes created by oversights in software architecture.

Universal Plug and Play (UPnP) was marked as a significant technological advance.

But, it comes with its share of drawbacks that might leave your systems vulnerable to potential cyber-attacks. In fact, it is enabled by default on millions of routers.

This article will discuss what UPnP is and the risks it poses to your network’s security.

What is Universal Plug and Play (UPnP)?

Universal Plug and Play is a set of networking protocols. It enables network devices such as computers, Internet gateways, printers, media servers, and Wi-Fi access points to discover each other’s presence on the network and create functional network services for data sharing.

UPnP was intended for private networks that do not have enterprise connectivity.

This technology operates under the assumption that a network runs IP (Internet Protocol) after which it leverages SOAP, XML, and HTTP so that it can provide service/device description, data transfers, actions, and eventing. Advertisements and device search requests are enabled by running HTTP in addition to UDP – port 1900 – using HTTPMU (multicast). Search requests’ responses are usually sent over the UDP.

This technology was endorsed by the UPnP forum which is an industry initiative to promote robust and straightforward connectivity to personal computers and stand-alone devices from different vendors. The panel comprised of over 800 vendors who were involved in everything from network computing to consumer electronics. But as from 2016, Universal Plug and Play is managed by the Open Connectivity Foundation.

In concept, Universal Plug and Play is supposed to extend plug and play (a technology that dynamically attaches devices directly to a machine) to zero-configuration networking for SOHO and residential wireless networks.

Thus, UPnP devices are archetypical plug and play. When they are connected to a network, they automatically seek and create working configurations with other hardware.

diagram of universal plug and play vulnerabilities

What Does UPnP Do?

If the above definition seemed a bit complex, then let us use a printer as an example.

In an office setup, the first step would be to connect it physically to the network router – even though you can do it via Wi-Fi today. In the past, you would have to search for the printer manually and then set it up so that other devices within the network can find the printer. Today, however, this process happens automatically thanks to Universal Plug and Play.

Once they are connected, the devices on that network will continue communicating with each other by receiving and sending data. As such, a computer can instruct the printer to print documents; a media center can transmit audio data, while mobile devices can mount themselves onto the computer. The possibilities are endless.

This is why it is called plug and play. You plug in a device and can start playing it right away without having to go through the hassles of setting up and configuring the connection. This makes it one of the most convenient networking technologies that are available to us.

However, UPnP technology has serious security flaws.

For instance, if a computer or some other device connected to the router exploited, the attacker may gain remote control of all devices and security systems. Thus, allowing access to your passwords and access all the other devices that are connected to the network. Additionally, once a device has been compromised, it can be utilized as part of a botnet to issue DDoS (distributed denial of service) campaigns to take down sites while hiding the attacker’s location. It might also provide them with a starting point for other attacks.

Some of the most significant cyber-crimes in recent history have leveraged internet-based devices to launch major DDoS attacks.

With more and more devices utilizing this technology to get connected to the internet, they are the ideal targets for hackers who have to accumulate devices so that they can overwhelm a business network.

Security Risks of Universal Plug and Play

A security survey by Akamai discovered that hackers are actively exploiting the weaknesses of this technology as a starting point for more prominent attacks.

For example malware distribution, DDoS, credit card theft, and phishing attacks.

The evidence found suggested that over four million devices were potentially susceptible to being used in a  DDoS attack. This number accounts for approximately 38 percent of the 11 million internet-facing UPnP devices that are being used all over the world. This serves as a big pool for hackers to leverage what would have been small and local attacks into serious threats.

Primarily, these cybercriminals exploit this technology’s weaknesses to reroute the traffic in your business repeatedly until it is untraceable. And in spite of the industry’s knowledge about these vulnerabilities, hackers continue to take advantage of the general apathy towards strengthening the technology.

By default, this technology does not employ authentication.

This means that to ensure security, the devices in the network have to incorporate the additional Device Security Service or the Device Protection Service. There is also a non-standard solution that exists known as Universal Plug and Play – User Profile (UPnP-UP) which proposes an extension to enable user authentication and authorization techniques for UPnP-applications and devices. Sadly, most universal plug and play device implementations do not have authentication methods because they assume that local systems and their users can be trusted.

If authentication techniques are not implemented, firewalls and routers that run the UPnP-protocol become vulnerable to attacks.

examples of malware

Don’t Overlook Securing Your Network

The purpose of Universal Plug and Play technology is to make devices on a specific network to be easily discoverable by other utilities on the same network. Unfortunately, some Universal Plug and play control interfaces can be exposed to the public internet thereby enabling individuals with malicious intent to locate and obtain access to your devices.

A device that is compromised is nothing short of a ticking time bomb for your business network. Because of the complicated nature of these attacks, detecting one as it happens can be very difficult for the user.

In our current world where a fluid work culture is ideal, more and more employees are taking connected devices to and from their workplaces. There is no room for error when it comes to your business’s cybersecurity.

The takeaway here is that you should ensure that your UPnP router settings are disabled.