While the security of UPNP (Universal Plug and Play), has long been questionable, a new report has come out about how insecure it really is. UPNP is used by many gaming systems to tell routers to allow computers on the outside to initiate connections to computers behind the router. While used primarily by gaming software, malicious software can also do the same.
If this is not bad enough, many routers will also also allow computers on the OUTSIDE of the local network to command the router to open up and allow outside access. Some routers even allow inside and worse yet, computers on the outside to redirect Internet traffic to other computers on the outside!
How is this bad? Well, for starters, if you have a network video camera set up on your local network, software on the Internet can connect to your router, use it to scan devices on the inside, and then, if the video camera is detected, allow an intruder to tell the router to allow access to the streaming video. If the camera itself is not password protected or vulnerable to attack, it can allow an intruder full access to the camera.
If your router also allows commands to redirect traffic to the rest of the Internet, then intruders can redirect spam through your router so that the spam appears to come from your Internet account. This type of insecurity can also allow your router to redirect requests for illegal files through your Internet account, and if the authorities are looking out, then you will be the first person contacted.
This is not just a theoretical problem. I have actually written software to test this exploit. I installed this software on the computer that hosts websites I run. I enabled UPNP on my router and ran the program. This program instructed the router to allow connections to each of the possible two hundred fifty four addresses of the local area network and see if a connection is allowed, denied, or receives no response.
The program found the configuration service for my printer, 6 video cameras, two v.o.i.p. telephones, as well as a media server. Had any of these have not been password protected, an intruder would be able to see my yard, listen to conversations in earshot of the phones, and been able to scan any documents left in my printer.
Fortunately, all these are password protected. However, if there are no passwords on these things, or if there is a factory password, it is relatively easy for an intruder to gain full access. This is the case with a majority of these devices. Since this program also detects when a computer sends a connection refusal, it can detect computers on the network that send a connection refusal message.
Another program can then scan devices on the local network and find service that are running on these.
What to do? The answer may be easy. In many cases, it is possible to set the router to turn off universal plug an play whenever it is not being used. Gamers or others who need Universal Plug and Play can turn it on temporarily if there are no alternatives as long as each service on each device has a secure password. It should be turned off as soon as it is no longer needed. When turning UPNP for the first time, it is good to tell those who use the network so if something doesn’t work right, there will be an idea on what may be causing the problem
Another solution is to contact the manufacturer of the router or modem with the defect and request a software update. Not all routers or modem combinations are vulnerable to outside access, but many are. If I can write the software to scan and connect to computers on a network that uses a vulnerable router, so can many others.