What is UPnP? And Why is it Still a Security Risk?

What is UPnP? And Why is it Still a Security Risk?

Oct 22, 2024

In this video, learn what UPnP is, what it does, use cases, why it's a security risk, and security measures you can take. Read more on the JumpCloud blog: https://jumpcloud.com/blog/what-is-upnp

Learn more about:

Try JumpCloud for free: https://jumpcloud.com/signup

Resources and social media:

Transcript:

Universal Plug and Play, or UPnP, is a way for all devices on a local network to discover and connect with each other automatically, rather than having to connect each device by manually entering protocols like TCP/IP, HTTP, or DHCP.

UPnP makes connecting devices on a network simple and seamless.

When a device first joins a network, it sends out a Discovery message to find other UPnP enabled devices.

Other devices receive the discovery message, then respond with their own Announcement message.

Once the devices are talking, they give each other a Description of their features and capabilities.

Then, UPnP automatically sets up the Connection so they can share data and control each other. For example, streaming a slideshow from your smartphone to your smart TV.

Connected devices send UPnP Notifications to inform each other of events. Like when your printer tells your computer it’s out of paper.

If there are any changes on the network, UPnP Adapts to the difference and automatically informs all other devices.

What is UPnP used for? Well, just about everything we do.

UPnP connects gaming consoles, enables home automation and smart appliances, and makes it easy to stream media and control other devices from your smartphone.

There’s no doubt UPnP makes our lives easier -- But why is UPnP still a security risk?

Hackers could use UPnP to infect other devices with malware or viruses. They use external devices to take unauthorized control of local devices and data. And they can leak shared data.

Hackers take advantage of UPnP by…

Port forwarding – this redirects traffic from your router to the attacker’s server, enabling them to launch attacks from within your own network.

Firewall penetration – malware can “poke holes” in your firewall, exposing vulnerable devices.

Changing DNS Settings – this redirects all your web traffic to malicious servers where hackers can record sensitive data.

Device Hijacking – when smart devices are taken over and used to send malicious instructions to other devices on the network.

and

DDoS Attacks – this is where UPnP devices amplify signals, overwhelming servers with massive levels of traffic.

So, how can you protect yourself from UPnP security risks?

Make Routine System Updates across your entire network, including routers, firewalls, antivirus software, and devices.

Keep Track of Emerging Threats with resources like the National Institute of Standards and Technology’s list of Common Vulnerability Exposures.

Follow Strict Security Specs with official guidelines set out by the Open Connectivity Foundation.

Managing devices and assets is an important part of UPnP security – and JumpCloud uses unified Saas, IT, and network security to deliver secure provisioning and monitoring.