Universal Plug and Play vulnerabity

I’ve never been comfortable with Universal Plug and Play (UPnP). It was dreamed up by Microsoft in an attempt to make networking easier for end-users and first appeared in Windows Millenium Edition (“Win ME”). I didn’t trust it then, and I still don’t trust it. The name “Universal Plug and Play” leverages Microsoft’s successful implementation of MS-Windows’ (benign) “Plug and Play” service, which first appeared in Windows 95. The UPnP name continued Microsoft’s tradition of confusing terminology and poor corporate communications in general.

UPnP has always skated on thin ice. For one thing, it contains no provision for authentication. It assumes that all UPnP objects reside behind a firewall and that no UPnP packets can traverse any public-facing router. These are naïve assumptions. I always disable UPnP, or at least I think that I disable it. (Some routers expose UPnP to the Internet no matter what the router’s admin instructs it to do!)

UPnP: Universal Plug and Play
UPnP’s discovery phase

Recently researchers, over a five month period, port scanned the entire IPv4 Internet multiple times, recording the IP address of each network device with exposed UPnP. They found 81 million vulnerable devices. Read the results:


shieldsupAre you vulnerable?
Check your Internet-connected local area network’s devices for exposure of UPnP capability to the outside world by using Steve Gibson’s ShieldsUP!.

UPnP bugs history
Apparently Intel, many years ago, published reference code in a library that demonstrated UPnP implementation. Most router manufacturers incorporated Intel’s UPnP library into their routers’ firmware. Intel’s UPnP library apparently contains bugs that can expose UPnP capability to the router’s WAN (Wide Area Network) port(!).

Read more: upnp-hacks.org.

Visit my website: http://russbellew.com
© Russ Bellew · Fort Lauderdale, Florida, USA · phone 954 873-4695

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s