I’ve never been comfortable with Universal Plug and Play (UPnP). It was dreamed up by Microsoft in an attempt to make networking easier for end-users and first appeared in Windows Millenium Edition (“Win ME”). I didn’t trust it then, and I still don’t trust it. The name “Universal Plug and Play” leverages Microsoft’s successful implementation of MS-Windows’ (benign) “Plug and Play” service, which first appeared in Windows 95. The UPnP name continued Microsoft’s tradition of confusing terminology and poor corporate communications in general.
UPnP has always skated on thin ice. For one thing, it contains no provision for authentication. It assumes that all UPnP objects reside behind a firewall and that no UPnP packets can traverse any public-facing router. These are naïve assumptions. I always disable UPnP, or at least I think that I disable it. (Some routers expose UPnP to the Internet no matter what the router’s admin instructs it to do!)
Recently researchers, over a five month period, port scanned the entire IPv4 Internet multiple times, recording the IP address of each network device with exposed UPnP. They found 81 million vulnerable devices. Read the results:
- The Register: UPnP scan shows 50 million network devices open to packet attack
- Techspot: UPnP flaws place millions of networks in danger
Are you vulnerable?
Check your Internet-connected local area network’s devices for exposure of UPnP capability to the outside world by using Steve Gibson’s ShieldsUP!.
UPnP bugs history
Apparently Intel, many years ago, published reference code in a library that demonstrated UPnP implementation. Most router manufacturers incorporated Intel’s UPnP library into their routers’ firmware. Intel’s UPnP library apparently contains bugs that can expose UPnP capability to the router’s WAN (Wide Area Network) port(!).
Read more: upnp-hacks.org.
Visit my website: http://russbellew.com
© Russ Bellew · Fort Lauderdale, Florida, USA · phone 954 873-4695