What Is UPnP and Is It Still a Security Risk?

Universal Plug and Play (UPnP) is a convenient solution to connect devices to your Wi-Fi network. It’s a commonly used protocol that lets a new device discover other devices on your network and have remote access to them.

If you’ve ever used a wireless speaker or printer, you’ve used UPnP. Yes, it’s all around us and while it does bring convenience, it brings security risks too.

What Does UPnP Mean?

When you get a new wireless device and notice your phone or computer recognizes it automatically, that’s UPnP in action. It seems simple on the surface, but a lot of automatic configurations take place behind the scenes.

The same happens when you plug in a new speaker and turn it on. In just a few seconds, the speaker appears on your network. On your phone, you tap on the speaker once and you’re set to play music.

How did the speaker connect to your network on its own? How was it immediately discoverable on your phone without you having to authorize it?

How Does UPnP Work?

This is what happens behind the scenes:

  1. The speaker joins the network.
  2. It assigns itself an IP address.
  3. It assigns itself a name and appears under that name in your network.
  4. It starts interacting with other devices and informs them about its capabilities.
  5. You can start using the speaker instantly.

If it weren’t for UPnP, you’d have to configure each separate device manually to connect it to the speaker. This is a time-consuming process and requires some technical know-how. UPnP completely automates the process.

UPnP also allows devices to automatically open ports on your router to connect to home devices which involves port forwarding. In layman terms, port forwarding is just a way for external devices to connect to devices in your network over the internet.

Port Forwarding Explained

Let’s take an example to understand port forwarding. Smart home applications let you turn on your AC with your phone before you arrive. Have you ever noticed how an app on your phone accesses and controls the devices in your home though? It even allows you to control them when you’re at the office?

A firewall protects all devices in your home network. This means no device or server outside your home network can connect to it. While you’re at the office, your phone is on an external network and with a firewall in place, you can’t connect to your home network.

That said, UPnP opens up gateways in your firewall. Every UPnP-powered device, once connected to your network, sends a port forwarding request to your router to open a specific port. This port will allow an external device or server to interact with your home network.

Visual representation of a port forwarding request.  

Any device can send a port forwarding request to your router to open a port and your router will comply. No questions asked. UPnP won’t ask you for authorization since this is a completely automated process. What’s more, UPnP uses no mechanism to make sure that a port forwarding request is safe to grant.

That said, does using UPnP expose you to security risks?

What Makes UPnP a Security Risk?

Initially, UPnP only worked for devices on your home network. This means only devices connected to the same LAN could interact with each other. Now, most routers come with default UPnP settings that let external devices connect to your network too. Cybercriminals can exploit this.

As mentioned before, a UPnP-enabled router will authorize every port-forwarding request since it assumes every device that sends one is trustworthy. That said, cybercriminals are always on the hunt for home networks with UPnP enabled and valuable data. Getting into a UPnP-enabled network is surprisingly simple. All they have to do is breach your network and pretend to be an ordinarily benign device, like an air conditioner or a Smart TV, and send your router a port forwarding request.

Like always, your router with overly-trusting UPnP protocols will grant the request. This opens up a gateway for anyone to extract information and install malicious software on your devices. The worst part is that backdoor attacks like these go undetected for months, giving cybercriminals more than enough time to do whatever they want.

Below are some of the most common objectives of such backdoor attacks:

    • 💣 Install malware on other devices on your network.
    • 💣 Gain access to other devices, most usually an IoT device such as a surveillance camera.
    • 💣 Commit identity theft, or steal other confidential information.
    • 💣 Initiate a ransomware attack.
    • 💣 Change admin credentials.
    • 💣 Change IP, PPP, or Wi-Fi settings.
    • 💣 Use the router’s IP address as a cover or proxy for other criminal activities. Mostly for frauds, phishing, and Denial-of-Service (DDoS) attacks.
    • 💣 Modify DNS server settings to redirect you to fake websites. For instance, if you want to go to your bank’s site, your browser will take you to a fake site that imitates the real one to steal your credentials.

Do these attacks have precedents? Let’s consider historical UPnP attacks.

UPnP Cyberattacks in the Past

The security risks of UPnP aren’t just on paper. Cybercriminals have taken advantage of its flaws multiple times since its invention in 1999. The FBI even asked users to disable UPnP at one point due to its cybersecurity risks. Although a security patch later fixed that particular problem, no one can deny that UPnP, despite the convenience it offers, is and has been a vehicle for many dangerous cyberattacks.

Check out the following UPnP cyberattacks:

Mirai Attack

The Mirai botnet attack in late 2016 subjected multiple high-profile targets to DDoS attacks. Cybercriminals used UPnP technology to compromise IoT networks, primarily CCTV cameras, to conduct the cyberattack. It was such a massive attack that it resulted in internet outages in large parts of the US East Coast.

Flash UPnP Attack

The Flash UPnP attack uses a special Flash app to compromise a victim’s network. If you visit an infected web page on a browser, the Flash app automatically sends a port forwarding request to your router. UPnP is completely autonomous, so your router grants the request and exposes your network to the internet.

Pinkslipbot Attacks

Pinkslipbot, a banking trojan that also goes by the names Qakbot or QBot, relies on UPnP to enter victim devices and carry out malicious activity. The malware extracts sensitive information from your devices and exploits UPnP to use infected devices as proxies to carry out criminal activity.

These are only a few most popular examples of cybercriminals taking advantage of UPnP vulnerabilities. You need to address the UPnP security issue if you want to keep your network safe from such cyberattacks.

How to Fix UPnP Security Problems?

You can address UPnP vulnerabilities in 2 ways. You either use UPnP-User Profile to keep using the protocol but with greater security or you simply disable UPnP on your router.

UPnP – User Profile

UPnP – User Profile (UPnP-UP) combines convenience with security. It asks for authorization of UPnP devices and apps before granting any requests. That said, this isn’t a complete solution. Your router and devices may not support UPnP-UP and even if they do, the protocol still has no mechanism to determine the trustworthiness of external devices trying to connect to your router.

Disable UPnP

UPnP brings convenience at the cost of security. If you’re ready to forgo that convenience, you can simply disable UPnP on your network. This will make your network safe from all UPnP-related threats.

If you rely heavily on UPnP, you’d want to evaluate the pros and cons of disabling it on your network. Before you do that though, check if your router has a built-in mechanism to guard against UPnP exploits.

If your router can protect itself, you don’t have to worry. If you have no protective mechanism in place and you feel your network and devices are at risk, you’re better off disabling UPnP.

How to Disable UPnP?

You need to access your Wi-Fi network’s admin panel to disable UPnP. Accessing the UPnP configuration page differs from router to router, but the overall process is pretty similar.

You need to connect to your Wi-Fi network to access the admin panel.

Step 1: Find your router’s IP address. Go to the Wi-Fi settings on your device and tap on your network. The IP address will be something like this: 192.168.0.1.

Step 2: Copy the IP address and paste it into your browser’s search bar.

 

Step 3: Enter your username and password that your service provider has given you. Usually, both of these are either “admin” or “useradmin”. You can also find your login credentials on the router or in its box.

 

Step 4: Navigate to Advanced Settings or the More Functions tab. The UPnP settings may be located under different tabs for different routers.

 

Step 5: Find and click on Advanced Network.

 

Step 6: Find the UPnP settings and uncheck the box that says Enable UPnP.

 

Your router won’t entertain any incoming requests for port forwarding with UPnP fully disabled. This means you’ll have to set up manual port forwarding for your home devices. You might need to learn a few technical steps, but it’s not too difficult. You’ll find quite a few easy-to-follow guides to set up ports for your devices.

Manual port forwarding will certainly be more time-consuming, so this is where you need to decide between security and convenience.

If you’re a gamer with heavy UPnP use and don’t have a lot of confidential data stored on your devices, you might be better off continuing to use the protocols. You can always add an extra layer of security to your network with a VPN.

How Does a VPN Help with UPnP Security Risks?

Cybercriminals need to identify your network to target it. They need to know your digital identity and network address to send a port forwarding request to your router and break your network’s firewall.

CyberGhost VPN encrypts your internet traffic with our state-of-the-art 256-AES encryption and masks your IP address, which makes it impossible for anyone to identify your network on the internet. This way, if a criminal wants to target you, they’ll never be able to identify your network.

You can also install CyberGhost VPN on your router. This encrypts all traffic to and from your router, making it extremely difficult for a cybercriminal to identify your network and subject it to a cyberattack.

Conclusion

UPnP poses a security risk because it has no mechanism to identify the authenticity of port forwarding requests. It makes it very easy for cyberattackers to target your network if they identify your network as a high-profile target.

A vast majority of networks still continue to use the protocol for the convenience it offers. The safest option is to disable UPnP on your router. That said, if you’re a gamer or you utilize UPnP frequently for something different, it’s your call to choose between convenience and security. If you want to continue using UPnP, use CyberGhost VPN to hide your digital identity and add extra security to your network.

FAQ

What is UPnP?

UPnP (Universal Plug and Play) is a popular protocol, allowing devices within a network to connect and interact remotely without human intervention. They can also send your router autonomous port forwarding requests to open a passage in your network’s firewall. This connects your home devices directly to the rest of the internet. UPnP isn’t always safe, but you can use it with CyberGhost VPN to ensure you’re as secure as possible.

Should UPnP be enabled?

It depends on what you want: convenience or security. UPnP has its security risks, but it also lets devices connect and send port forwarding requests automatically, saving time. If you’re a heavy UPnP user and don’t want to set up manual ports on your router, you can keep UPnP enabled. UPnP has its risks so install CyberGhost VPN on your router to add an extra layer of security to your network.

What happens if I turn off UPnP?

If you turn off UPnP on your router, it’ll stop granting all port forwarding requests. It won’t let a device use a port even if you authorize it. You’ll have to manually set up ports on your router for each device. If you’re looking for security with UPnP, explore all CyberGhost VPN’s security features with our 45-day money-back guarantee.

Is UPnP good for gaming?

UPnP makes the gaming experience a lot more convenient. You won’t be able to play some games or connect with some players online if you don’t have UPnP enabled. Alternatively, you can also use port forwarding but that can be a hassle. CyberGhost VPN helps you get a better gaming experience too. Contact our 24/7 customer support team to help set you up.

Does UPnP increase my internet connection speed?

UPnP has no impact on your internet speed, latency, or bandwidth. It’s just a connectivity protocol to make connections easier to set up. If you think your ISP throttles your connection every time you game or stream, CyberGhost VPN can help. It encrypts your traffic, so your ISP has no idea what you do online to throttle you. CyberGhost VPN also offers super-fast connection speeds, so you can game, stream, and surf like Flash.

Leave a comment

Thanks for your good idvice I’m very honest cyber ghost thanks so much.

Reply

We’re always happy to help!

Write a comment

Your email address will not be published. Required fields are marked*