Universal Plug and Play (UPnP)

What is Universal Plug and Play (UPnP)?

Universal Plug and Play (UPnP) is a standard that lets network devices automatically find, communicate with and control each other. It is used by routers, computers, printers, game consoles and IoT devices. It uses industry standard protocols such as IP, HTTP and Extensible Markup Language. It is designed for home use.

UPnP is designed as a simple way for home users to connect network devices without needing to configure them or deal with incompatible standards. They can simply plug everything into their home network and everything will work seamlessly.

UPnP is considered a consumer technology. It does not scale well for large organizations and should not be used on company networks.

Is UPnP Safe?

UPnP is considered safe for home use, but many devices may use UPnP to configure themselves or other devices in an insecure way. It is often recommended to disable it.

To illustrate a problem with UPnP, think of a network-connected security camera. The user might expect that their camera video is private. However, it automatically let anyone on the internet watch its footage. It does this by being configured out of the box to use UPnP to open a port on the router to the internet.

Imagine a home network as an apartment building where every device is a different apartment, and the router is the locked front door to the building. Most neighbors are diligent about not letting strangers into the building.  Other neighbors might accidentally leave the front door to the building open, letting anyone in. A bad neighbor might actively let undesirable people into the building. This shows how one device can compromise network security accidentally.

Is UPnP needed for gaming?

Most modern games don't need UPnP and instead use server polling. In this type of communication, the game console or computer talks to a central server only and gets all the data it needs to work.

Some games may still use UPnP to set up multiplayer games. This is most common when one game console or computer acts as a server or host and needs to accept incoming connections from the internet. The local device uses UPnP to set up port forwarding and inbound firewall rules on the router to let traffic from the internet into the home network.

Instead of using UPnP, manual rules can be used on a home router. This usually requires custom configuration for each device or game and may be difficult for some home users. It is more secure than using UPnP, however.

What is an UPnP media server?

An UPnP media server is a way to stream media, such as pictures, music and video, on a home network from one device to another using a standard UPnP-based communication protocol. One device acts as a server and has all the media stored on it. The server is configured to accept commands using UPnP. A client can then communicate with the server to start streaming the content. Digital Living Network Alliance is an additional media server standard that uses UPnP.

Popular UPnP-compatible media servers include the following:

• Plex.
• Kodi.
• Jellyfin.
• Some ASUS routers.
• Some D-Link routers.
• Synology NAS.

How does UPnP work?

UPnP uses several standard networking protocols to function. It uses HTTP sockets running on an IP network. UPnP devices listen on UDP port 1900 for incoming requests. When a device joins the network, it will send a broadcast or multicast request to all devices on the network seeking other devices, known as control points. This is known as Simple Service Discovery Protocol (SSDP).

Once another control point is found, the devices communicate directly with each other by IP address. The device publishes information about itself in an XML file. This will contain data such as its name, manufacturer, serial number, available services and available commands. The devices can then communicate by passing commands or actions to each other over HTTP.

How to disable UPnP?

UPnP may be turned on or off on each device that uses it. Most commonly, however, UPnP is disabled on the network router to prevent devices from opening security holes into the network.

Consult a router's documentation for detailed directions on how to disable UPnP. Simplified steps include the following:

• Go to the router's settings page and log in. This can often be done by going to 192.168.1.1 in a web browser.
• Go to the network settings page. This may be under "advanced" options, firewall or WAN.
• Set UPnP to disabled.

See how how to secure your home network while working from home. Learn about 12 common network protocols and their functions. Explore network security management best practices and challenges.