Network and device security is an issue every business manager faces. There is a near-constant stream of new threats emerging, the majority of which are targeted at software. A recent threat uses a new tactic. It is hardware-based, and it puts millions of systems at risk.
At the end of January, numerous news and tech media services issued warnings about UPnP (Universal Plug and Play) enabled devices. This is a potentially big issue because of the widespread adoption of these devices and the fact that many of them have little to no security measures, which could open whole systems to attacks. So what is UPnP and how can it leave your business vulnerable?
UPnP is a protocol that allows networked devices like laptops, computers, Wi-Fi routers, and many modern mobile devices to search for and discover other devices that are connected to, or want to connect to, the same network. The UPnP protocol also allows these devices to connect to one another and share information, their Internet connection, or media.
A good example of UPnP in use is your laptop. When you first connect your laptop to your router, you likely have to enter a password and maybe even the router’s network name. Without UPnP you would have to find the network and enter the password each time you want to connect to the Internet. With UPnP, your laptop can automatically connect whenever it’s in range.
Why is UPnP a security threat?
UPnP has been in use for the better part of seven years, and has since come to be found in nearly every device that connects to the Internet. While UPnP was written for devices such as Wi-Fi routers that are targeted at the home user market, many businesses also use these devices because home user hardware is often easier to set up and less costly than its enterprise counterparts.
Because of the sheer number of devices that use this protocol, and the fact that it’s engineered to respond to any request to connect to the device, it makes sense that this could be a security issue. A recent study tested the security of UPnP and revealed some interesting results.
Rapid7, the company that conducted the study, sent UPnP discovery requests to every routable IPv4 address. IPv4 (Internet Protocol version 4) is a set of protocols for sending information from one computer to another on the Internet. A routable IPv4 address is one that can be contacted by anyone on the Internet. They found that over 80 million addresses used UPnP, and 17 million of these exposed the protocol that enables easy connection to the system or device. This can be easily exploited by hackers.
In other words, 17 million systems, many of which could be businesses, are open to attack through a UPnP device. This security threat opens networks to attacks such as “denial-of-service,” which make resources, including the Internet, unavailable to the target.
Can we do anything?
Most experts are recommending that you disable UPnP on your networked devices. The first thing you should do, however, is conduct a scan for vulnerable UPnP devices on your network. Tools like ScanNow (for Windows) can help you search. For many, this is a daunting prospect, as the chance of creating more issues is just too great.
We recommend contacting an expert like Providence, who can conduct a security analysis and advise you on steps you can take to ensure you are secure. If you use UPnP devices, or aren’t sure whether or not they are present in your office, and are worried about the security of your systems, give us a call today. We may have a solution for you.