Cyber Security & Technology to help you stay safe online

UPnP: Just Say NO!

You have Internet at home. It’s provided to you through the phone line, TV coax, fiber optic, satellite… there are different methods to obtain Internet service into your home.

In order to access the Internet, you need a router. Many times it’s provided by the ISP (Internet Service Provider), the one providing you with the Internet. Sometimes they offer your their router but with a monthly charge, sometimes for free after you sign up, sometimes you need to buy your own. One way or another, you have a router.

That router may also be the device that gives your home wireless Internet (Wi-Fi).

I say all that to get to my point: The router is the device that controls your devices’ access to the Internet, and the Internet coming to you. But what do I mean by that?

All routers will filter-out Internet traffic that you don’t want entering your home. Remember, everyone is on the Internet, and all of their devices are accessing… something. Websites, video on demand, email… there’s lots of activity on the Internet.

There’s a feature within most routers that support “UPnP”, which stands for Universal Plug and Play. Many devices (think printers, Xbox, various IoT devices), want Internet access. To make it convenient for you, the device can talk to your router and activate UPnP.

But what does that do? The device will tell the router that it needs to connect to the Internet. Okay, so far… Then it tells the router that in order for it to properly function, it needs to allow outside connections to it.

You read that right: Outside connections, meaning things that are not in your home – they’re outside your home, somewhere in the ether of the Internet.

It’s all done for convenience, but it’s also a bad idea.

When it opens itself to the Internet, it’s accessible from the Internet.

A few years ago, a hacker exploited home and office printers that were connected to the Internet. Many of them were accessible thanks to UPnP. The hacker was able to tell thousands of these printers to print a document. It was a harmless prank – harmless in that no one was hurt – but the hacker managed to successfully print out his message to tens of thousands of printers.

When UPnP was first introduced, it was made to be a convenient factor for people that didn’t want to go through many configuration steps on their router to grant their device Internet access, so this made it simple for them. But, it’s a two-way road… literally. Now those devices are accessible to anyone that knows how to talk to it.

The reality is, most devices don’t really need it this functionality enabled, and that’s what I’m writing about today: Disable UPnP. Go into your router’s configuration and search for “UPnP”. If you see it, ensure it’s disabled / not enabled / turned off. Period.

With it disabled, your devices will still work fine. They need access to the Internet? Your router will still grant them access… it just won’t let anyone on the outside to get in, which is the goal.

It’s essentially a legacy feature that manufacturers still include in their router software. You don’t want it. You don’t need it – disable it now!