Would you rather choose convenience or security? UPnP helps you quickly connect devices to your network – zero manual configuration needed. However, it can also let hackers into your network to perform malicious activities. Find out how hackers exploit UPnP and what you can do to protect yourself.
To understand what UPnP is, you should first understand port forwarding. Port forwarding is used to establish a direct connection between your home device or a server and a remote device. For example, you might want to connect your laptop to your home camera and keep an eye on them while you are away.
How does it work? All your home devices, including your router, together create a so-called Local Area Network (LAN). Everything outside the LAN, such as website servers or your friend’s computer, are on the Wider Area Network (WAN). Usually, no one outside your LAN can access devices on your network unless you let them via port forwarding.
Universal Plug and Play (UPnP) is a protocol that allows apps and other devices on your network to open and close ports automatically to connect with each other. For example, if you want to connect a printer to everyone in your household without UPnP, you would need to connect the printer to every single device. UPnP automates this.
UPnP offers zero-configuration, meaning that none of the devices on your network need manual configuration to discover a new device. UPnP-enabled devices can automatically join a network, obtain an IP address, and find and connect to other devices on your network, making it very convenient.
UPnP certainly makes the gaming experience easier. Instead of you having to manually find which ports to open for each new device or online game, UPnP does it for you. However, if you decide to go the manual port forwarding route, there are online tutorials on how to open specific ports for certain games and devices.
Some argue that manual port forwarding is better for your internet connection speed, since UPnP causes lag. But does it, really? It’s highly unlikely, but when it comes to gaming, it might add latency to your connection, yet it shouldn’t affect your download speed.
Originally, UPnP was only supposed to work on the LAN level, meaning that only devices on your network could connect to each other. However, many router manufacturers now enable UPnP by default, making them discoverable from the WAN, which leads to many security issues.
UPnP doesn’t use authentication or authorization (only some devices), assuming that devices trying to connect to it are trustworthy and come from your local network. This means that hackers can find backdoors to your network. For example, they can discover your router on the wider net and then pretend to be an Xbox. They will send a UPnP request to your router and the router will open the port – no questions asked.
Once the hacker gets a presence on the network, they can:
When it comes to UPnP router vulnerabilities, there are two options you can choose to protect yourself.
First, you can enable UPnP-UP (Universal Plug and Play – User Profile), which provides authentication and authorization mechanisms for UPnP devices and applications. However, this is not a foolproof method as many devices don’t fully support it and might still assume that other devices connecting to your router are trustworthy.
The other more secure method is to disable UPnP completely. Before you do, it’s recommended to check whether your router is vulnerable to UPnP exploits. You should also consider whether you want to give up the convenience of UPnP and whether you will be able to set up your devices manually. Doing so may require some technical know-how.
If you turn off UPnP altogether, your router will ignore all incoming requests so you’ll have to set up devices manually. This means that the router will no longer automatically open ports on your LAN, ignoring even legitimate requests.
This doesn’t mean you won’t be able to connect to devices on your network or online games. But it will be more of a hassle. You’ll have to manually set up the port forwarding rules for each specific connection, which will require more time, effort, and technical knowledge. However, there are online tutorials to guide you through specific port forwarding.
For more cybersecurity news and tips, subscribe to our monthly blog newsletter below!