what is upnp

What is UPnP and why is it unsafe?

8 Mins Read

Port ForwardingGamingWhat is UPnP and why is it unsafe?

Back in the early 2000s, our homes pretty much only had one internet-connected device: one single PC, that’s it. As more devices connected to the internet, a router needed to sit between the modem and the rest of the devices on your network, which means your router was handling traffic for so many devices and not necessarily knowing how to direct inbound traffic. 

That meant that any device connecting to your system didn’t necessarily know how to communicate with the exact device sitting behind the router. After all, they got your public IP address, but there were other directions in the communications packet. This is where UPnP and the term port forwarding comes in. If a device or server wants to connect with your device directly, you have to port forward your router to send a specific request to a specific device. UPnP can automatically port forward a router, saving you the hassle of manually port forwarding any device.

What Is UPnP?

First off, if you don’t know about UPnP beforehand, then port forwarding can be a better option. UPnP means Universal Plug and Play that you can use on your PlayStation, Xbox, or computer to connect to a host game server. UPnP helps other devices connect to your network quickly with zero configuration but opens the door for hackers to perform malicious activities into your network. Also, It can go either way as well. Maybe you are hosting a game server and want other online players to find and connect to the right server easily. That’s how UPnP works.

In simpler layman terms, UPnP creates a strong connection between two devices connected to the internet. The good part about using UPnP is that it builds a clear connection between two devices or servers. The annoying part is that it doesn’t really enhance your internet speed or remove any bandwidth problems, even if you use a wireless internet connection or wired cable.

what is upnp

What Is Port Forwarding? 

We won’t say UPnP is garbage in this section while explaining port forwarding. But we will tell you which one you should use, especially if you host game servers or play MMO games like COD: Cold War or Minecraft. Port forwarding is a way of telling your router to redirect a specific request to a specific device. 

All you have to do is change some numbers on your router’s configuration menu to port forward any router or device. We have many setup guides on router port forwarding, so you can take a look if need be. Using UPnP is more convenient, while port forwarding is a lot safer from a privacy standpoint.  

Some people go for security, and some don’t. Who are we to judge? But if you are creating a secure connection between two devices via port forwarding, you are compromising convenience. UPnP, on the other hand, offers convenience but doesn’t guarantee safety. This can be a real dilemma! We suggest port forwarding because you should never take a chance on personal security.

Learn more about What is Port Forwarding.

Most Common UPnP Uses:

UPnP is the best way to avoid installing drivers on your computer and creating a connection between devices more quickly. Now that you know how UPnP works, let’s discuss the common use cases in your everyday life. Here are a few of them: 

  • Controlling smart devices at home like Amazon Echo, thermostats, or Smart Ring Lights;
  • Connecting Xboxes and other gaming consoles to stream online games;
  • Exchanging large media files such as videos or photos;
  • Playing videos via multiple internet devices;
  • Creating a stable connection between your device and a game server;

Is UPnP Better for Online Gaming? 

UPnP is like auto-matchmaking for two devices on the internet. You have to use UPnP to connect a connection with any server or device. But like we said earlier, UPnP doesn’t have any real-time impact on your latency, internet speed, or bandwidth. To make a long story short, if your internet connection is slow af, UPnP will not magically make it work faster. 

However, you can maintain stable connections with P2P game servers for longer hours via UPnP. You can’t play specific games on a NAT router if your UPnP is turned off or disabled. We won’t suggest turning on UPnP and poke holes in your NAT firewall because you wish to play games with 100 other people. Security weighs more than entertainment.

How UPnP Solves NAT Traversal

UPnP is also helpful in solving the NAT Traversal problem. It often happens that the NAT changes the IP address of the internal computer to the NAT device. When the addresses don’t match, the receiving computer often drops the packet, which leads to problems in p2p file sharing and using VoIP applications.

A solution to this problem is the Internet Gateway Device protocol, which is implemented via UPnP. This protocol allows the UPnP control point to perform a variety of actions. By adding a port mapping, the UPnP controller can enable traversal of the IGD from an external address to an internal client.

Is UPnP Safe or Risky?

UPnP is not safe due to many security issues! Picture this: you are opening ports to allow incoming external devices to make a connection with your device and get around the NAT firewall. This openly exposes your computer or any other device to unwanted connections and even hackers. 

Let’s assume for a moment that UPnP is actually secure, but malware or DDoS attacks can intercept the connection and steal all your private information in this way. Also, the host can see all the IP addresses of connected devices, so there goes your privacy: into the garbage disposal.

Once the hackers get into your network, they can:

  1. Get remote access to your device and other devices connected to the same network;
  2. Can access your confidential information;
  3. Implement malware on your devices;
  4. Hide malicious activities using your router as a proxy and perform various attempts to steal your bank details, phishing attacks, DDoS. These attacks will look like they are coming from you instead of hackers because of the proxy mechanism that hackers implemented.

A piece of advice: You can, however, reduce the security risks related to UPnP by using a reliable internet firewall or a port forwarding add-on, as well as using malware detection software now and then. Don’t forget to update your router too. If you are a person who is living solely to play games, then always use paid servers for extra security.

is upnp safe

Problems with UPnP

UPnP might offer convenience to the end-user, but it has several risks attached to it that any hacker can exploit. Although the UPnP was originally supposed to work on the Local Network only, most router manufacturers now enable UPnP by default. This means that this feature is now discoverable from the Wide Area Network, leading to security issues.

A major problem with UPnP is that it doesn’t require any authentication or authorization. Although this adds a lot of convenience for us, it’s also very risky. It allows hackers to find backdoors into your network and get remote access to your devices with ease.

A hacker can easily send a UPnP request to your router, and the router would open a port with any need for authorization. The hacker can then hack into devices and install malware into them or steal personal information. Hackers can also start using your network as a proxy to perform malicious attacks on the internet, such as DDoS and phishing attacks.

There have also been cases where the NAT Traversal solution mentioned above was used to hack into router devices using UPnP. There are even tools available to exploit this method to the hacker’s advantage and make the router vulnerable to threats.

IGMP snooping and Callback Vulnerability are two other dangerous flaws that result from UPnP.

What Happens If I Turn off UPnP on My Router? 

Before we move on with the answer to this question, you should know that many routers come with a pre-installed UPnP configuration setup. So, you have to check first whether or not UPnP is disabled. Now back to the question. If you turn off UPnP on a router, then you won’t be able to play some specific games and can’t connect to other UPnP compatible devices. 

Disabling UPnP may prevent you from joining a large game server (Fortnite, Minecraft, or Call of Duty) and protect your home device and IP address. For home security purposes and privacy concerns, don’t enable UPnP, especially if you work in corporate environments.

Pros and Cons of UPnP

Here are the advantages and disadvantages of UPnP.

Pros:

  • Allows real Plug and Play compatibility.
  • Upnp is used for NAT traversal or Firewall punching.
  • It is backed by various prominent vendors and companies like Microsoft and Intel, making it an industry standard.
  • UPnP is an ideal architecture for home devices and networks.

Related: NAT Types

Cons:

  • Control points do not require any authentication. Hence any program on your computer can ask to forward a UPnP port.
  • UPnP has no official implementation. Hence every router has its application; many deployments have bugs or give an open passage to malware.
  • Any malicious program on your network can use UPnP the same way a legitimate program uses it.

How to Protect Yourself?

Protecting yourself against malicious actors is of great importance in today’s highly vulnerable digital world. To protect yourself against UPnP router vulnerabilities, here are your options:

  • Enable UPnP-UP (Universal Plug and Play – User Profile)

This setting provides authentication and authorization for UPnP devices and applications. While this is not a fail-safe method, it’s a step towards protecting yourself.

Several devices don’t fully support this functionality, and despite having this enabled, they might continue to assume that other devices connecting to your router are reliable.

  1. Disable UPnP

The other method is to disable UPnP altogether. However, just before you head over to do that, it’s advised that you check whether your router is exposed to UPnP exploits.

FAQs

Why do I need UPnP for PS4?

UPnP helps you change NAT type from Strict NAT to Open NAT on your PS4 or Xbox console. Enabling UPnP is simple as it can be enabled through your router.

Ather Owais Ather Owais is a tech and cybersecurity enthusiast. He is a strong advocate for online privacy and security, following technological trends and their impact on today's digital era.

Have Your Say!!

Join 3 million+ users to embrace internet freedom

Signup for PureVPN to get complete online security and privacy with a hidden IP address and encrypted internet traffic.