Hardware | UPnP a Security Risk?


on your router, (the device that connects you to the internet) is a software switch. you need to login to this router to see this setting.
the setting to look for is, UPnP.it is advisable to untick/disable this feature.about 80 million routers on the internet have been scanned and discovered that a hacker could 'break' into your local network (LAN).having this feature on and you are scanned, could result in a hacker gaining access your computer.
Here's what you need to know about Universal Plug n' Play (UPnP):
- UPnP has been provided and enabled by default in consumer Internet routers since 2002 or 2003.- Today, any home appliance — TV's, DVD players, game consoles, IP cameras, printers, fax machines, and you-name-it, includes support for UPnP.- UPnP is a “zero-authentication” (no passwords required) system for allowing networked devices to discover and easily connect with each other on a private local network.- Additionally, software such as Skype and BitTorrent, and gaming consoles, which wish to be “seen” on the Internet, are able to use UPnP to open “holes” through the protection normally provided by routers in order to allow “unsolicited” traffic to enter.- THE HUGE MISTAKE IS: No part of UPnP was EVER MEANT to be exposed to the EXTERNAL public Internet. It was only ever meant for private local control of devices and routers. Its exposure gives malicious hackers direct access to the inside of any exposed private network. It was a huge mistake for it ever to be exposed. Router manufacturers are at fault, but all they can do now is offer updated router firmware. Now that the mistake has been made, responsibility rests upon router owners to somehow eliminate that exposure.

The Security Now! podcast episode (#389) which immediately preceded the addition of this UPnP exposure testing facility, is available as a video on YouTube. During that presentation, I explain to Leo (TWit network) and the podcast audience exactly what HD Moore and Rapid7 discovered during their comprehensive scanning the Internet during the second half of 2012, and I explain what it means for those whose Internet routers are exposing this privileged management interface:

youtube / vUnplug UPnP - Security Now 389

other links;
http://www.grc.com/unpnp/unpnp.htm
http://www.upnp-hacks.org/upnp.html
http://toor.do/upnp.html

http://www.howtogeek.com/122487/htg-explains-is-upnp-a-security-risk/