Universal Plug and Play (UPnP) Vulnerability

Research by a company called Rapid7 showed that millions of routers have a Universal Plug and Play (UPnP) vulnerability. Universal Plug and Play (UPnP) is a set of networking protocols that permits networked devices, such as personal computers, printers, Internet gateways, Wi-Fi access points and mobile devices to seamlessly discover each other’s presence on the network and establish functional network services for data sharing, communications, and entertainment. UPnP is essential for some services if you are not familiar with configuring routers and opening ports. The problem with the UPnP vulnerability is that it can allow an attacker to take over your router and have access to your network from anywhere in the world.

You can use the GRC ShieldsUp online test to see if your router is vulnerable. If you pass, you should be fine. If you want a second opinion you can also use the test on the Rapid7 website. If your router does not pass these tests you should consider turning off UPnP in your router. If you do not know how to log in to your router, jump on Google and start searching. Once you have turned off UPnP, start looking for a firmware update for your router. Hopefully router manufacturers have been listening to the news about UPnP.

If you want to know more about the UPnP vulnerability you should watch or listen to this version of Security Now.