Monday, May 18, 2015

Keep Your Home WIFI Network Safe - UPnP May Leave You Vulnerable To Attack

The UPnP protocol has always been somewhat of a security concern, but findings by Rapid7 have demonstrated that it must now be taken seriously. UPnP was designed to allow easy discovery and setup of various devices (routers, printers, media servers, DVRs, webcams etc.) on a local network. Unfortunately, UPnP does not have any type of authentication - no passwords. This might be OK within a local network, but it's potentially very dangerous when enabled on the WAN or Internet side of your router. Apparently, this is the case for some 40 million devices.

We now know that many home routers accept UPnP requests from the WAN (external side) of the router interface. This means that anyone on the Internet who has the IP address of the WAN interface of your home router can send a UPnP request, and your router will respond. This creates a direct "backdoor" into your local network. It's like giving a Burglar the keys to your home. So, what can you do?

First, log into you router's administrative setup from a browser. The procedure (IP address and Credentials) will vary depending on the manufacture of your device. Find UPnP in the advanced settings and turn it off. Note that this simply turns off UPnP on the inside interface of your router. Unfortunately, this may not completely solve the issue. Next, you need to determine if your router is vulnerable on the exterior (WAN side) interface. Many thanks to Steve Gibson for providing a port scanner that will run a UPnP external test against your router. Go to to run this test. Click on SERVICES and SHIELDSUP! and then select PROCEED. Select GRC'S Instant UPnP Exposure Test. This will scan the external interface of your router and report on your vulnerability status. If your router is exploitable, and you have shutdown UPnP as indicated above, you should check and make sure that your router has the lastest Firmware Update. Update the Firmware according to the manufactures instructions and run the scan again. If your device remains vulnerable, you will need to look into purchasing a new router that is not susceptible to this flaw.

Another alternative, although not as convenient, would be to close ports 1900 UDP and 2869 TCP (if you are using Windows) in your Firewall Settings.

Finally, if you do need to use UPnP on your local network and you are "technically savvy" consider replacing the firmware on your router with Open Source Products like "Tomato" or "DD-WRT".

For more information about securing your WIFI router check out this post.