UPnP is like the Death Star...super cool and strong, but with one weakness

posted Jun 22, 2012, 8:42 AM by Leigh Williams
We've all come across UPnP (if you don't know what it is, just think of DLNA, which makes use of the UPnP protocol), especially in the last couple of months. It is everywhere: televisions, Blu-ray players, cell phones, cameras, white bread etc. UPnP is like having an awesome samurai sword: if you have it, you want to use it, show it and flaunt it.
But have you ever realized that, for example, when you switch on UPnP on your phone, it miraculously appears on your other devices also running UPnP? Have you ever realized that you don't have to enter any passwords, PIN numbers or anything else to authenticate yourself? You probably told your friends "Look how awesome it is! You don't even have to enter a password! It just works and you can browse photos, videos etc from your phone directly on your TV!" Well, you probably didn't say "etc".
Well, when you forget to turn off your UPnP and you, for example, connect to a public WiFi network where someone is actively scanning for devices running UPnP, they are probably also showing their friends and saying exactly the same thing... "Look at how awesome this is! I can browse someone else's phone without having to enter any password!" The same thing applies when someone breaches your home WiFi network.
The reason for this is that the UPnP protocol does not implement any authentication. So UPnP device implementations, such as Windows Media Player, should cater for authentication themselves (like the Windows Media Player UPnP does, where you first have to grant the connecting device access). But alas, a lot of UPnP implementations still do not cater for authentication...
To protect yourself, make sure you switch off UPnP when it is not in use, or make use of implementations that implement an authentication layer. Also, make sure you protect your wireless network (or any other network) by applying stringent password and authentication controls (and any other security controls there might be) to prevent it from being breached.
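To switch UPnP off where it is not needed, you first have to know which devices on your own network are announcing themselves. The Python below is an added example, not code from the original post: it sends the standard SSDP search that every UPnP/DLNA client uses and lists the devices that answer as media servers. The sample replies and the function names are constructed for illustration.

```python
import socket

M_SEARCH = (b"M-SEARCH * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n"
            b'MAN: "ssdp:discover"\r\nMX: 2\r\nST: ssdp:all\r\n\r\n')

def parse_ssdp(datagram):
    """Headers of one SSDP search reply (keys lower-cased); {} if not a reply."""
    lines = datagram.decode("utf-8", "replace").splitlines()
    if not lines or not lines[0].startswith("HTTP/1.1 200"):
        return {}
    return {name.strip().lower(): value.strip()
            for name, sep, value in (ln.partition(":") for ln in lines[1:]) if sep}

def inventory(replies):
    """Group (ip, datagram) pairs into {ip: {"server": str, "services": set}}."""
    found = {}
    for ip, datagram in replies:
        h = parse_ssdp(datagram)
        if h:
            entry = found.setdefault(ip, {"server": h.get("server", "?"), "services": set()})
            entry["services"].add(h.get("st", "?"))
    return found

def media_sharing(found):
    """IPs advertising a MediaServer, i.e. offering content to the whole LAN."""
    return sorted(ip for ip, e in found.items() if any("MediaServer" in s for s in e["services"]))

def discover(timeout=3.0):
    """Send one SSDP search on the local network and collect the replies."""
    replies = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(M_SEARCH, ("239.255.255.250", 1900))
        try:
            while True:
                data, (ip, _port) = sock.recvfrom(65507)
                replies.append((ip, data))
        except socket.timeout:
            return replies

# Constructed sample replies (not captured from real devices).
SAMPLE = [
    ("192.168.1.20", b"HTTP/1.1 200 OK\r\nST: urn:schemas-upnp-org:device:MediaServer:1\r\n"
                     b"SERVER: ExampleOS/1.0 UPnP/1.0 ExamplePhone/1.0\r\n\r\n"),
    ("192.168.1.1", b"HTTP/1.1 200 OK\r\nST: urn:schemas-upnp-org:device:InternetGatewayDevice:1\r\n\r\n"),
]

if __name__ == "__main__":
    print(media_sharing(inventory(discover())))
```

Run it on your home network after you think everything is switched off; any address it still prints is a device that is offering its content to everyone on that network.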
So get cracking on remembering to switch off UPnP and securing your network!