This Router Setting is Putting Your Business at Risk
The Dangers of UPnP
Universal Plug and Play (UPnP) is a setting that allows devices to connect seamlessly. The UPnP protocol allows Wi-Fi devices such as routers, printers, phones, computers and more to identify each other and connect stress-free.
UPnP allows connecting devices to forward ports on your router. This is convenient as it means you don’t have to manually forward ports to new devices when you are trying to set them up. At home, you may have used UPnP without realising, as the large majority of household routers have UPnP on by default.
While convenient at home, using UPnP in a business setting is a contentious cybersecurity topic. The accessibility of UPnP is also convenient for malicious devices. Keeping UPnP on is a toss-up between convenience and security, and security usually wins.
How Safe is UPnP?
UPnP’s main purpose is to provide a hassle-free connection between two devices. Unfortunately, convenience usually comes at a cost.
Most of the time, UPnP is a safe technology that simply provides convenience. The trouble comes when a device infected with malware connects using UPnP. When devices connect using UPnP, they often bypass firewalls to directly forward ports. This means devices infected with malware can effectively pass through unseen.
Of course, this is only a problem if devices are infected. When standard, uninfected devices connect, the protocol is secure and efficient. The trouble is, most people don’t know when a device is infected.
A lot of the time, the safety of UPnP is decided by the router manufacturer as well. In recent years, router manufacturers have changed their UPnP configurations to be extremely cautious. For a long time, UPnP was seen as too unsafe to use at all, but new UPnP configurations are helping make the protocol safer.
In many cases, routers will simply allow UPnP to take place regardless of the situation. For instance, they may forward a port to a completely unknown IP address elsewhere on the internet without needing permission. Manufacturers are taking these cases into account and making UPnP less lenient. Many routers still have poor UPnP implementations to this day, however.
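One way to review what UPnP has already opened on a router, as an added example that is not part of the original post: the Python below parses port-mapping entries in the form a router's WANIPConnection service returns them and flags the ones worth a closer look. The LAN range, the list of flagged ports and the three sample responses are assumptions constructed for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

LAN = ipaddress.ip_network("192.168.1.0/24")  # assumption: the office LAN range
ADMIN_PORTS = {22, 23, 445, 3389, 5900}       # assumption: remote-admin/file-sharing ports

# Constructed sample data: body of a GetGenericPortMappingEntryResponse
# (SOAP envelope omitted), filled in below for three mappings.
TEMPLATE = (
    "<u:GetGenericPortMappingEntryResponse "
    'xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">'
    "<NewRemoteHost></NewRemoteHost><NewExternalPort>{ext}</NewExternalPort>"
    "<NewProtocol>{proto}</NewProtocol><NewInternalPort>{port}</NewInternalPort>"
    "<NewInternalClient>{client}</NewInternalClient><NewEnabled>1</NewEnabled>"
    "<NewPortMappingDescription>{desc}</NewPortMappingDescription>"
    "<NewLeaseDuration>{lease}</NewLeaseDuration></u:GetGenericPortMappingEntryResponse>"
)
SAMPLE = [
    TEMPLATE.format(ext=51413, proto="TCP", port=51413, client="192.168.1.23", desc="p2p", lease=3600),
    TEMPLATE.format(ext=3389, proto="TCP", port=3389, client="192.168.1.40", desc="", lease=0),
    TEMPLATE.format(ext=8080, proto="TCP", port=80, client="203.0.113.9", desc="cam", lease=0),
]

def parse_mapping(xml_text):
    """Return the arguments of one mapping response as a {name: text} dict."""
    return {el.tag: (el.text or "") for el in ET.fromstring(xml_text)}

def audit(mapping, lan=LAN):
    """List the reasons an enabled UPnP-created mapping deserves review."""
    findings = []
    if mapping.get("NewEnabled") != "1":
        return findings
    if ipaddress.ip_address(mapping["NewInternalClient"]) not in lan:
        findings.append("forwards to a host outside the LAN")
    if int(mapping["NewInternalPort"]) in ADMIN_PORTS:
        findings.append("exposes a remote-admin or file-sharing port")
    if mapping.get("NewLeaseDuration") == "0":  # 0 means no expiry in IGD v1
        findings.append("never expires (lease 0)")
    return findings

def report(responses=SAMPLE):
    """Map (protocol, external port) to the findings for that mapping."""
    return {(m["NewProtocol"], int(m["NewExternalPort"])): audit(m)
            for m in map(parse_mapping, responses)}

if __name__ == "__main__":
    for key, findings in report().items():
        print(key, findings or "ok")
```

A mapping with no findings is not automatically wanted; compare the full list against the ports the business has deliberately forwarded.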
UPnP Cybersecurity Risks
The main problem with UPnP is that it disregards a large portion of network security for the sake of convenience. Routers are generally well equipped to deal with incoming malicious connections. Safeguards like the firewall are put in place to filter out incoming threats. UPnP often disregards a lot of these security measures, directly forwarding a port to a potentially hostile device.
A common security concern is backdoors being installed in your network by infected devices. Let's say an employee is the target of a phishing attack and unintentionally downloads malware onto a company PC. This malware goes undetected and uses UPnP to bypass your firewall. Now your network has a backdoor that a hacker can move through undetected by the firewall.
With a backdoor in place, a hacker can perform a host of cyberattacks, or use information gathered to orchestrate a larger attack. Hackers can use UPnP maliciously to do some of the following:
- Spy on network activity and relay information back to the hacker.
- Steal business information resulting in a data breach or loss of company intellectual property.
- Hijack IoT devices on a business’s network and use them as part of a botnet.
- Impersonate devices with high privileges to gain access to previously inaccessible areas of your network.
- Install malware capable of locking your company data, resulting in a ransomware attack.
These are just a few common examples of the dangers UPnP poses to a business. The list is by no means exhaustive. While UPnP is slowly getting more secure, hackers are rapidly finding new ways to exploit it.
Should You Disable UPnP?
In the overwhelming majority of cases, all the signs point to disabling UPnP. The service does have its use cases, but a lot of the time unnecessary harm can be avoided by manually forwarding required ports to incoming devices. This allows you complete control over open ports, making it much more difficult for hackers to get into your network.
It can be argued that to use UPnP maliciously, the hacker needs to have already breached your network in some way. This is because connecting devices already have to be infected to use UPnP maliciously. This is true, but disabling UPnP helps create a zero-trust environment for your organisation. If UPnP is disabled, hackers can’t use it as an avenue to further breach your system. If your network is already infected, the fewer avenues a hacker has the better.
The state of UPnP is also dependent on the state of IoT devices. A lot of IoT devices are not secure by design, and many do not receive adequate patches to fix security issues. Since it can be difficult to know if a device is insecure, disabling UPnP removes the guesswork.
Use Securiwiser To Get Protected Today
By using Securiwiser, you can stay ahead of the hackers. Securiwiser is a cybersecurity assessment tool that measures the strength of your organisation’s cybersecurity.
Securiwiser provides an in-depth review of your cybersecurity posture. If you are concerned about open ports causing harm to your business, which you may be after reading this blog, Securiwiser has you covered. With a cybersecurity assessment, you will receive a health rating based on many factors including DNS health, network security, application security, and more.
You can monitor your health rating in real-time to see how our advice is helping your cybersecurity improve.
Click here for a free cybersecurity health check and learn how to get protected.