UPnP security

Does using UPnP pose a security risk when in use?

Hi @Trevannie, this was discussed in some depth recently on another thread.

There is a lot of info on the web, try a web search.
It's a throwback to some material from the FBI in the early 2000s. The detail in this was misguided & was fixed with vulnerability protection in software.
Bottom line is if your equipment such as computer OS, NAS & router/wireless hub is correctly set up & up to date with malware protection, there is no risk.



If you are talking about home streaming, then no.
Though to be clear you need to define what you mean by security risk… the biggest security consideration I suggest would be around availability and so would mean ensuring your media is backed up and restorable.
Integrity and confidentiality are the other key security considerations.
UPnP offers no standardised authentication methods, but it is designed for home networks where typically there are no general user authentication methods, other than a common PSK name/password for Wi-fi… which is only of low level authentication assurance, but is fine for most home networks I suggest. Most larger businesses would use 802.1x or similar authentication methods here for Wi-fi and Ethernet.
As standard, UPnP streaming has to reside in its own subnet and is primarily a layer 2 application, so isolated from the internet. UPnP streaming doesn’t as standard support TLS for media transfer, as it would be unlikely to offer any benefit on a home network and would require more user setup complexity.

By modern methods, most home/domestic networks and their services offer only low level security assurance in my opinion, but given the most likely attack vectors that is probably proportionate.

For home networks I suggest the biggest protections are to use a modern Wi-fi WLAN authentication method, to ensure you have virus/malware detection software on connected clients and general servers such as NASs etc, and, the most important consideration, that everyone who uses your network is aware of phishing techniques and traps so as to avoid them.

There seems to be confusion on the term UPnP, not helped perhaps because it refers to a range of protocols and applications.
UPnP as used in routers is all about a way of defining specific ports on the router for specific applications to use as they communicate between the home LAN and the internet… what is known as port forwarding.
If you disable UPnP here then typically you need to manually configure the port forwarding as instructed by your software application vendor if port forwarding is required…

The vulnerability with UPnP port forwarding is that typically there is no authentication of who is raising the request, so for example if you have already been attacked, a malware programme could open up your router more.

Most routers do log UPnP activity and so if you see something you don’t expect you can take protective action.

UPnP as media transfer / DLNA is something quite different, and does not use the routing functions of your router.

I made the same point in the other thread on UPnP security about the distinction between UPnP on the router vs. UPnP for streaming. The comments in that thread were not making this difference sufficiently clear, it seemed to me.

The security threat posed by UPnP relates to enabling the UPnP function on your router, not when using it for UPnP streaming. That threat is real and current as it can be exploited by malware to silently open up access to your network from the internet.

In summary:

  1. Local UPnP streaming and the UPnP function on your router are quite different.
  2. There is no security issue using UPnP streaming on your local network.
  3. If the UPnP feature is enabled on your router, disable it to remove a potential security hole.

I’d agree, apart from I wouldn’t recommend disabling UPnP on your router if you have applied good hygiene and practice on the clients on your home network.
If you do disable, then you should be prepared to manually configure, both enabling and disabling, specific port forwarding config on your router.
It would be better to undertake a weekly check of the UPnP updates your router will have applied, and ensure it correlates with services you are aware of. It won’t be silent if using a quality router from a quality ISP or similar as it will provide this monitoring.
It’s what I do… and there are not that many UPnP port forwarding requests per week on my home network. This method also provides a degree of protective monitoring which would indicate if you have been attacked and exploited, which you might not otherwise be aware of.

The real important aspects are virus protection, malware protection (don’t forget servers like NASs) and good anti phishing practice from the users (family) on your network.
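The weekly check of router UPnP port mappings described in the post above can be scripted. This is an added example, not part of the original thread: the log format, IP addresses, expected-service list and sensitive-port list are all constructed assumptions, since each router logs UPnP activity in its own format.

```python
import re

# Constructed sample log; the line format is hypothetical (routers differ).
SAMPLE_LOG = """\
2024-05-06T19:02:11 upnp AddPortMapping ext=51413 proto=TCP int=192.168.1.20:51413 desc="Transmission"
2024-05-07T08:15:40 upnp AddPortMapping ext=3074 proto=UDP int=192.168.1.31:3074 desc="Console"
2024-05-07T23:47:02 upnp AddPortMapping ext=3389 proto=TCP int=192.168.1.45:3389 desc=""
2024-05-08T09:00:00 upnp DeletePortMapping ext=3074 proto=UDP
2024-05-09T02:13:55 upnp AddPortMapping ext=8443 proto=TCP int=192.168.1.20:445 desc="sync"
"""

# Services the household knows about: (internal IP, protocol, internal port).
EXPECTED = {("192.168.1.20", "TCP", 51413), ("192.168.1.31", "UDP", 3074)}
# Internal ports that should not be forwarded from the internet on a home LAN.
SENSITIVE_PORTS = {22, 23, 445, 3389, 5900}

LINE_RE = re.compile(
    r'^(?P<ts>\S+) upnp (?P<op>Add|Delete)PortMapping ext=(?P<ext>\d+) '
    r'proto=(?P<proto>TCP|UDP)(?: int=(?P<ip>[\d.]+):(?P<port>\d+) desc="(?P<desc>[^"]*)")?$'
)

def audit(log_text, expected=EXPECTED):
    """Return (findings, still_open) for one review period of UPnP log lines."""
    open_maps, findings = {}, []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or (m["op"] == "Add" and m["ip"] is None):
            continue  # not a well-formed UPnP mapping entry
        key = (int(m["ext"]), m["proto"])
        if m["op"] == "Delete":
            open_maps.pop(key, None)  # mapping was closed again
            continue
        ip, port = m["ip"], int(m["port"])
        open_maps[key] = (ip, port)
        reasons = []
        if (ip, m["proto"], port) not in expected:
            reasons.append("not an expected service")
        if port in SENSITIVE_PORTS:
            reasons.append("exposes a sensitive internal port")
        if reasons:
            findings.append((m["ts"], key, ip, port, reasons))
    return findings, open_maps

if __name__ == "__main__":
    findings, still_open = audit(SAMPLE_LOG)
    for ts, key, ip, port, reasons in findings:
        print(f"{ts} ext {key[0]}/{key[1]} -> {ip}:{port}: {'; '.join(reasons)}")
    print("mappings still open:", sorted(still_open))
```

Anything reported is a prompt to find out which device asked for the mapping and why, then remove the mapping on the router if nobody recognises it.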

Thanks for the comments and advice… been very helpful and reassuring re the streaming risk.
