What is UPnP and why you should disable it immediately
UPnP helps you quickly connect devices to your network with no manual configuration. However, it can also let hackers into your network and put your devices at risk. In this article, we explain the benefits and risks of UPnP, and how you can protect yourself.
Table of Contents
Table of Contents
What is UPnP?
UPnP (Universal Plug and Play) is a network protocol that allows apps and devices to open and close ports automatically in order to connect with each other. UPnP requires zero configuration — you can add a new device to your network and have it automatically connect with your other devices.
UPnP is a way to make port forwarding automated and easier than a manual process. For example, if you want to connect a printer to everyone in your household without UPnP, you would need to connect the printer to every single device. UPnP automates this.
Zero-configuration means that none of the devices on your network need manual configuration to discover a new device. UPnP-enabled devices can automatically join a network, obtain an IP address, and find and connect to other devices on your network, making it very convenient.
Check out our video on UPnP below.
What is UPnP used for?
UPnP can be used in several ways to achieve a better online experience.
- Gaming. Connecting Xboxes and other gaming consoles like the Nintendo Switch to stream online games;
- Remote home surveillance. You can use UPnP to connect to your home cameras while you’re away;
- Digital home assistants like Echo dots;
- Internet of Things devices for wireless home automation like smart lighting, internet-controlled thermostats, and smart locks;
- Streaming content with a media server;
- Streaming videos through internet TV devices like Roku stick or Apple TV.
How does UPnP work?
UPnP uses four common networking standards (TCP/IP, HTTP, XML, and SOAP) to automatically open and shut ports. UPnP uses a client-server model, in which control points, or clients, search for UPnP servers, or devices. The UPnP process consists of six main steps.
- Addressing: The UPnP allows the device to self-assign an IP address, or requests an IP address for a device from a DHCP server.
- Discovery: The UPnP device identifies itself to other networked devices.
- Description: The control point (client) uses the HTTP protocol to extract device descriptions containing manufacturer details, serial numbers, driver details, and URLs. This information is presented in an XML file.
- Control: Via the SOAP protocol, messages are sent between device URLs, enabling remote control.
- Eventing: A notification system is set up to send alerts to control points when a state variable changes.
- Presentation: When a device provides a presentation URL, the control point retrieves a page from a URL to load in a browser. Through a browser, the user can potentially control a device or view its status.
Why isn’t UPnP safe?
Originally, UPnP was only supposed to work on the LAN level, meaning that only devices on your network could connect to each other. However, many router manufacturers now enable UPnP by default, making them discoverable from the WAN, which leads to many security issues.
UPnP doesn’t use authentication or authorization for most devices, assuming that devices trying to connect to it are trustworthy and come from your local network. This means that hackers can find backdoors to your network. For example, they can discover your router on the wider net and then pretend to be an Xbox. They will send a UPnP request to your router and the router will open the port – no questions asked.
Once the hacker gets a presence on the network, they can:
- Get remote access to other devices connected to the same network;
- Install malware on your devices;
- Steal your sensitive information;
- Use your router as a proxy to hide other malicious activities over the wider net. They can use it to spread malware, steal credit card information, and perform phishing attacks, or Denial of Service (DDoS) attacks. Using your router as a proxy means that all these attacks will look like they are coming from you rather than the hacker.
Should UPnP be enabled or disabled?
You should disable UPnP to protect your security. Having UPnP enabled makes your network and the devices connected to it less safe, and could leave the door open to hackers.
As discussed in the previous section, leaving UPnP on opens you up to online threats. UPnP can offer convenience, but it’s not worth the risk. If you still want to open ports on your router, you can do so manually on a case-by-case basis, instead of relying on UPnP as a long-term solution.
Is UPnP better for gaming?
One reason you might want to take the risk of UPnP is for gaming. UPnP certainly makes the gaming experience easier. Instead of you having to manually identify your port number for each device or online game, UPnP does it for you. Again, however, putting your network at risk from cyberattacks is never a good idea, regardless of how convenient something is.
What happens if I turn off UPnP on my router?
If you turn off UPnP altogether, your router will ignore all incoming requests so you’ll have to set up devices manually. This means that the router will no longer automatically open ports on your LAN, ignoring even legitimate requests.
This doesn’t mean you won’t be able to connect to devices on your network or online games. But it will be more of a hassle. You’ll have to manually set up the port forwarding rules for each specific connection, which will require more time, effort, and technical knowledge. However, there are online tutorials to guide you through specific port forwarding.
How to enable or disable UPnP
Follow these steps to enable and then disable UPnP on your router. Please note that this will be a slightly different process depending on the model of router used.
- Make sure your device is connected to the router’s network, and open a web browser.
- Input your router’s IP address into the address bar at the top of the browser.
- This should open your router’s interface, where you can input a username and password (If these are not listed on the back of your router or in the documentation that came with it, your ISP can provide them).
- Look for an area within your router settings called “Advanced” or “Advanced Network”, which should contain a UPnP tab.
- You should see a box to check or uncheck, turning UPnP on or off.
- If you enabled UPnP, input a number of minutes into the “Advertisement Time” field (the standard here is 30 minutes).
- Again, if you have enabled UpnP, you should see a field marked “advertisement time to live in hops” or something similar — the standard value for this field is “4” but this can be increased if UPnP is not functioning efficiently.
- Click “Apply” (or a similar phrase, like “Save”) to complete the process.
How to protect yourself
When it comes to UPnP router vulnerabilities, there are two options you can choose to protect yourself.
First, you can enable UPnP-UP (Universal Plug and Play – User Profile), which provides authentication and authorization mechanisms for UPnP devices and applications. However, this is not a foolproof method as many devices don’t fully support it and might still assume that other devices connecting to your router are trustworthy.
The other more secure method is to disable UPnP completely. Before you do, it’s recommended to check whether your router is vulnerable to UPnP exploits. You should also consider whether you want to give up the convenience of UPnP and whether you will be able to set up your devices manually. Doing so may require some technical know-how.
Want to read more like this?
Get the latest news and tips from NordVPN.