UPnP and easy access through the WAN port of routers.

For this post I have decided to write about something that hits pretty close to what I do for work. I do technical support for a VoIP service, which often has me remotely connecting into customers’ networks to change settings so that our product will not interfere with, or be interfered with by, their firewall. Customers often bring up concerns about my ability to do that, and I assure them that it is done in a controlled environment and that they will know at all times what I am doing and when I am disconnected. There are of course other ways to connect into somebody’s router without using a controlled service to facilitate the exchange, one of which I was recently told about and find particularly interesting.

Universal Plug and Play is something that has been around for about ten years, a feature that allows us to connect a device and have it instantly communicate within the network without being bothered by any sort of NAT or firewall. A very interesting article entitled “Universal Plug and Play: Dead simple or simply deadly?” was written about it in 2006 by Armijn Hemel, and although I don’t want to just quote directly from the article (but would suggest reading it), I wanted to point out some of the more interesting points in it. It basically states that when a device is connected to a router, messages are sent back and forth between the two that allow the newly connected device to connect automatically without being challenged by any sort of security. By sending that same message via UPnP packets with the right information to a router, a hacker can automatically get full control through the WAN side of anyone’s router. That would give them full control to reconfigure the router in any manner they want, which could potentially cause serious damage and frustration to a user. They would also have access into the LAN side of your network. The really interesting part, in my opinion, is that not only has this problem been known about for at least 5 years now, but routers still come shipped with UPnP enabled by default. I deal with routers every day which are open to that sort of attack due to the port constantly being open.

The easiest and most obvious fix for this situation would be to go into the router and disable UPnP. It is highly suggested that instead of relying on UPnP to easily connect devices, you go into your router and manually open the ports for whatever device is plugged in. That is easy for most of us, but non-technical people who don’t really understand the workings of a router or their network are not going to be able to do this, or even know what they are looking for as far as opening ports.

The article itself is pretty interesting and if anyone is interested in reading it they can find it here: http://www.sane.nl/sane2006/program/final-papers/R6.pdf