Ever delve inside your home network routers and use the hidden security settings that can lock down a network nice and tight? Most people never do.

The UPnP architecture defines peer-to-peer network connectivity of intelligent appliances, devices, and. It is designed to bring easy-to-use, flexible, standards-based connectivity to ad-hoc, managed, or unmanaged networks, whether these networks are in the home, small businesses, or attached directly to the Internet. The UPnP architecture is a distributed, open networking architecture that uses existing TCP/IP and Web technologies to enable seamless proximity networking, in addition to control and data transfer among networked devices. UPnP is an IP-based protocol suite based on preliminary versions of Web Services protocols such as XML and Simple Object Access Protocol (SOAP). With UPnP, a device can dynamically join a network, obtain an IP address, convey its capability, and discover the presence and capabilities of other devices on the network. A UPnP device is a container of services and nested devices.

For example, a VCR might consist of a tape transport service, a tuner service, and a clock service. Different categories of UPnP devices are associated with different sets of services and embedded devices. For example, services within a VCR are different from those within a printer. Information about the set of services that a particular device type can provide is captured in an XML device description document that the device hosts. The device description also lists properties such as device name and icons associated with the device. Microsoft has enhanced UPnP support to include integration with and. The UPnP architecture is more than just a simple extension of the plug-and-play peripheral model.

It supports zero-configuration, invisible networking and automatic discovery for a range of device categories from a wide range of vendors. This enables a device to dynamically join a network, obtain an IP address, and convey its capabilities upon request. Then, other control points can use the Control Point API with UPnP technology to learn about the presence and capabilities of other devices. A device can leave a network smoothly and automatically when it is no longer in use. What is universal about UPnP technology? • Media and device independence. UPnP technology can run on any medium including phone line, power line, Ethernet, RF, and 1394.

• Platform independence. Vendors use any operating system and any programming language to build UPnP-based products. • Internet-based technologies. UPnP technology is built upon IP, TCP, UDP, HTTP, and XML, among others. • UI Control.

UPnP architecture enables vendor control over device user interface and interaction using the browser. • Programmatic control. UPnP architecture also enables conventional application programmatic control. • Common base protocols. Vendors agree on base protocol sets on a per-device basis. • Extendable.

Each UPnP-based product can have value-added services layered on top of the basic device architecture by the individual manufacturers. UPnP technology is broad in scope in that it targets home networks, proximity networks, and networks in small businesses and commercial buildings. It enables data communication between any two devices under the command of any control device on the network. UPnP technology is independent of any particular operating system, programming language, or physical medium. Microsoft provides two APIs for working with UPnP-based devices: • - Provides a set of COM interfaces that allow applications to find and control UPnP-based devices.

• - Provides a set of COM interfaces that allow developers to write core device functionality and register the device with the Device Host. The Device Host handles the discovery, description, control, and eventing portions of UPnP-based device functionality.

UPnP comes enabled by default on many new routers. At one point, the FBI and other security experts recommended disabling UPnP for security reasons.

But how secure is UPnP today? Are we trading security for convenience when using UPnP?

UPnP stands for “Universal Plug and Play.” Using UPnP, an application can automatically forward a port on your router, saving you the hassle of. We’ll be looking at the reasons people recommend disabling UPnP, so we can get a clear picture of the security risks. Image Credit. Malware On Your Network Can Use UPnP A virus, Trojan horse, worm, or other malicious program that manages to infect a computer on your local network can use UPnP, just like legitimate programs can. While a router normally blocks incoming connections, preventing some malicious access, UPnP could allow a malicious program to bypass the firewall entirely. For example, a Trojan horse could install a remote control program on your computer and open a hole for it in your, allowing 24/7 access to your computer from the Internet.

If UPnP were disabled, the program couldn’t open the port – although it could bypass the firewall in other ways and phone home. Is This a Problem? There’s no getting around this one – UPnP assumes local programs are trustworthy and allows them to forward ports. If malware not being able to forward ports is important to you, you’ll want to disable UPnP.

The FBI Told People to Disable UPnP Near the end of 2001, the FBI’s National Infrastructure Protection Center advised all users disable UPnP because of a buffer overflow in Windows XP. This bug was fixed by a security patch. The NIPC actually issued a correction for this advice later, after they realized that the problem wasn’t in UPnP itself. () Is This a Problem? While some people may remember the NIPC’s advisory and have a negative view of UPnP, this advice was misguided at the time and the specific problem was fixed by a patch for Windows XP over ten years ago.

Image Credit: The Flash UPnP Attack UPnP doesn’t require any sort of authentication from the user. Any application running on your computer can ask the router to forward a port over UPnP, which is why the malware above can abuse UPnP. You might assume that you’re secure as long as no malware is running on any local devices – but you’re probably wrong. The was discovered in 2008. A specially crafted Flash applet, running on a web page inside your web browser, can send a UPnP request to your router and ask it to forward ports. For example, the applet could ask the router to forward ports 1-65535 to your computer, effectively exposing it to the entire Internet. The attacker would have to exploit a vulnerability in a network service running on your computer after doing this, though – using a on your computer will help protect you.

Unfortunately, it gets worse — on some routers, a Flash applet could change the primary DNS server with a UPnP request. Port forwarding would be the least of your worries – a malicious DNS server could redirect traffic to other websites. For example, it could point Facebook.com at another IP address entirely – your web browser’s address bar would say Facebook.com, but you’d be using a website set up by a malicious organization. Is This a Problem? I can’t find any sort of indication that this was ever fixed. Even if it was fixed (this would be difficult, as this is a problem with the UPnP protocol itself), many older routers still in use would be vulnerable.

Bad UPnP Implementations on Routers The website contains a detailed list of security issues in the ways different routers implement UPnP. These aren’t necessarily problems with UPnP itself; they’re often problems with UPnP implementations. For example, many routers’ UPnP implementations don’t check input properly. Razer Kraken Pro. A malicious application might ask a router to redirect network to remote IP addresses on the Internet (instead of local IP addresses), and the router would comply.

On some Linux-based routers, it’s possible to exploit UPnP to run commands on the router. () The website lists many other such problems.

Is This a Problem? Millions of routers in the wild are vulnerable. Many router manufacturers haven’t done a good job of securing their UPnP implementations. Image Credit: Should You Disable UPnP? When I started writing this post, I expected to conclude that UPnP’s flaws were fairly minor, a simple matter of trading a little bit of security for some convenience. Unfortunately, it does appear that UPnP has a lot of problems.

If you don’t use applications that need port forwarding, such as peer-to-peer applications, game servers, and many VoIP programs, you may be better off disabling UPnP entirely. Heavy users of these applications will want to consider whether they’re prepared to give up some security for the convenience.

You can still forward ports without UPnP; it’s just a bit more work. On the other hand, these router flaws are not actively being used in the wild, so the actual chance that you’ll come across malicious software that exploits flaws in your router’s UPnP implementation is fairly low. Some malware does use UPnP to forward ports (the Conficker worm, for example), but I haven’t come across an example of a piece of malware exploiting these router flaws. How Do I Disable It? If your router supports UPnP, you’ll find an option to disable it in its web interface. Consult your router’s manual for more information. Do you disagree about UPnP’s security?

Leave a comment!