UPnP: What Is It and How Safe Is It?
UPnP stands for universal plug and play, and you must have come in contact with it without even knowing. UPnP comes into play when your computer or smartphone recognizes your new device, say printer for instance. Using a smart device like Alexa to play music a little louder is also a form of UPnP. It was made to make intercommunication between devices more convenient and makes the process of device discovery and communication automatic.
But what is UPnP and how safe is it with all the events if a data breach is going on?
Table of Content
- What is UPnP?
- How Does UPnP Work?
- The Danger of UPnP
- Security Risks of UPnP
- Ensure The Security of Your Home Network
What is UPnP?
UPnP stands for universal plug and play and it’s an easy way of allowing gadgets to find each other on the same network. It also allows you to modify your router so that other devices can connect. A UPnP client can get the external IP address of your network and include port forwarding mappings.
By this, there is greater convenience for users as they don’t have to go through the complex process of setting up new devices. This however puts your network at risk as it leaves room for a lot of vulnerabilities.
How Does UPnP Work?
Once you connect a UPnP device to your network, the first step is to obtain an IP address. This is achieved through DHCP, and it’s similar to the process involved in obtaining an IP address from any device.
After getting the IP address, the UPnP device will try to find a control point which in most cases is your router. Information like manufacturer, firmware version, model number, and the functionality of the device would be sent to your router.
For example, if you connect a printer that has UPnP features, it will provide your router with this information, letting your router know what printer it is. You won’t have to go through the complexities of installing the printer to your computer as the router would provide the necessary information, aiding in quick connection and installation.
With UPnP, entertainment devices can easily find each other, that’s why it’s possible to stream music between computers or play a song from your phone via Alexa.
The Danger of UPnP
Even though UPnP provides you with a lot of conveniences, it comes with a lot of loopholes and vulnerabilities to your network. One of the dangers of UPnP is the use of Pinkslipbot by hackers.
Pinkslipbot has been around since 2000 and has been infecting computers by installing key loggers and then sending back private banking details to C2 servers.
This approach makes it difficult for the security to notice any abnormality and warn you because to the admin watching the network, it would appear as if the user is on the web using it regularly even though the RAT is getting commands to log in user keystrokes and get passwords and other credentials.
To defend yourself against this, you will have to block the known domains that C2 uses. Hackers will try to find new spots on the web where they would set up their servers and it can be an exhausting process. Hackers came up with pinkslipbot to install a proxy C2 server so that the HTTPS can get to the real C2 servers.
Due to this, it’s difficult to have a comprehensive list of domains to block as there is no fixed C2 server and the enter web has become their field of play.
Pinkslipbot checks for UPnP before taking over the user’s laptop. If there is UPnP, the malware sends a request to the router to open a public port and in doing so, pinkslipbot acts as a middleman between RAT and the C2 servers.
You can frustrate the efforts of this attack by disabling UPnP and the port forwarding feature on your router.
Since UPnP opens closed ports into a firewall and gives an outsider access, it makes the presence of the firewall useless. So any malware could get through as if there is no protection as UPnP makes it seem you locked a door and left the key there.
Security Risks of UPnP
Once the malware infects your computer, they use UPnP to bypass security protocols that were meant to keep your device secure. This is because UPnP assumes that all programs are legitimate and so it allows them to forward ports. You would need to disable UPnP if this is an issue for you or you just want to prevent this.
Bad Implementation of UPnP On Routers
When UPnP is badly implemented, it can lead to security issues. It is known that most manufacturers of routers are not consistent with their implementation of UPnP and so the router doesn’t check input properly. By this, malware can run commands unhindered and redirect network requests easily.
You can use a firewall to prevent an attacker from exploiting vulnerabilities in your network. Such vulnerabilities could occur if you try to access a website with a particular flash applet. The applet could send requests to your router asking to forward ports.
With some routers, the flash applets change the DNS server by sending a UPnP request. If this happens, your traffic could end up on a different website and lead to data theft on a platter.
Ensure The Security of Your Home Network
By configuring your devices manually after turning UPnP off, you can further ensure the security of your home network. To do this, log into your router’s admin panel and go to settings. Deactivate UPnP from there. You will find your log-in credentials at the back of your router so check there if you have any difficulty.
Further ensure the security of your home network by:
- Use a VPN
- Setting up a Wi-Fi password
- Review all connected devices to your router
- Change the default password to your router’s admin panel
- Update your router’s firmware
UPnP has its good sides as it makes it very convenient to recognize and connect to devices. This convenience however comes with its downsides leaving your network easy to be attacked. UPnP isn’t the only way an attacker can get into your network and steal data or reroute your traffic as there are a lot of malicious tools available right now. So to ensure your security, you need to be vigilant and equip yourself with the right tools.
A VPN is a great start as it protects your requests and your connection generally. There is a lesser chance of data theft and your identity is also secured. Other practices that will help secure your home network are the use of a strong password, regularly updating the router’s firmware, and ensuring that all devices that are connected to your router are recognized by you.