Universal Plug and Play (UPnP) is an issue that is being discussed in the online community of privacy advocates and agencies which enforce the law. It is a controversial technology, and people suggest only one thing to do with it, i.e., disable UPnP.
Your devices contain personal data and other things that fall under the umbrella of privacy which should not be given access to at any cost. Once UPnP is integrated into all of your devices, this protocol allows immediate connections to the internet. Your device will accept all incoming requests and will give unauthorized access to your internet-connected devices.
What is UPnP (Universal Plug and Play)?
To put it simply, UPnP is a software protocol whose aim is to simplify the management of your internet-connected devices or IoT (internet of things) devices.
If an IoT device has a complex system of setting up, establishing connections of those devices can be difficult and time-consuming.
A UPnP software protocol automates the process of port forwarding and allows the tools to find each other without any hurdle. It skips the process of extensive configurations and setup of devices on local area networks and establishes connections straightforwardly. Thus it manages the home network efficiently.
People use this protocol for Wireless Streaming, Home Surveillance Devices, and Automation of their IoT devices. Even though UPnP seems to be a great technology as it helps cut time and makes things easier, it has a bad reputation, and we’ll tell you why.
UPnP Issues and Problems
When UPnP came into play, it was a miracle of technology as it automated the configuration process and helped manage local networks. You can permit networked devices like desktop computers, laptops, printers, internet gateways, WiFi access points, and mobile devices to seamlessly discover one another’s presence and establish a functional network service.
Sadly, the technology started to develop and evolved to the point where it began to establish connections outside the original scope. If the connected devices on your network are yours and yours only, then there is no threat you can face; it’s safe. However, a problem arises when you have instructed your router to facilitate other devices outside of your local network.
Following this, the UPnP protocol automatically opens up all doors and accepts all incoming requests by terming them legit, and the router starts accepting them. The protocol has not evolved enough to differentiate which device is legit and which connection is unreliable.
For instance, devices that are UPnP-enabled have open ports. The user of these devices is not asked about those open ports. Also, the protocol does not have an authorization procedure, so the user has to manually add various security layers by themselves.
There have been several incidents where UPnP-enabled devices allowed routers to forward public ports to IoT devices, which became open to the internet. Following this scenario, hackers from outside the network bypassed firewall regulations and gained access to those personally used devices.
How to Disable UPnP for good?
To disable your UPnP from your router, you can follow the steps below:
- Go to your browser.
- Enter the public IP address you have been assigned in the URL address bar of your web browser.
- Go to the ‘Advanced’ section.
- Find the ‘NAT Forwarding’ section.
- Select ‘UPnP’ and Disable it.
You can also create your UPnP-UP (Universal Plug and Play – User Profile), where you can allow only those connections which have authorization and fulfill the authorization requirements. But one thing must be kept in mind that every device does not support this personal profile. So, one must disable the UPnP software protocol for good and perform port forwarding from time to time.
Using a VPN after UPnP Disabled
You can also use a VPN after disabling your UPnP protocol, as a VPN will create a secure encrypted tunnel and send your traffic via that tunnel over the internet, thus making it safe. Some VPNs like NordVPN offer features like Port Forwarding, where it analyzes and protects you from external online threats.
Some VPNs like ExpressVPN, NordVPN, AtlasVPN, Surfshark VPN, and several others can also be directly installed on your routers, where they secure and encrypt everything outgoing and ingoing. They automatically block and remove all types of suspicious activities and malicious software.
Mirai is a malware that primarily converts networked devices into remotely controlled bots that are later used at a large-scale network to launch massive attacks. Mirai targets consumer-based devices like routers, cell phones, cameras, etc.
Hackers run a scan over the internet to source down those routers which have open telnet ports. These open telnet ports are because of the enabled-UPnP protocol. Afterward, those cyber criminals run credential stuffing attacks to crack the passcode of the router and gain access to the wireless network. From there, they installed the Mirai malware without the user knowing about it.
A CallStranger Vulnerability allows the hacker to attack and hijack users’ smart devices and infect them with a DDoS (denial of service) attack. Also, it bypasses the security solutions set in place by the user and conducts scans on the victim’s internal network and cause data loss and data breach.
Smart devices which support UPnP protocol can be hijacked, such as security cameras, printers, routers, DVRs, etc. Devices like these are targeted by hackers using these devices’ internet–facing interface as a point of entry. They execute the code on the UPnP function of these devices, which run on the internally-facing ports (inside LAN). Thus, the hacker performs data exfiltration and steals data from the internet-exposed UPnP-enabled devices.
The most secure thing to do is to disable UPnP on your router and make sure that your network does not become a participant in this kind of botnet attack.