Written by Deepan Ghimiray
Published on June 23, 2022

What is UPnP?

Universal Plug and Play (UPnP) is the system that automates device discovery on a local network, allowing different devices on the same network to automatically identify and connect with one another. Although quick and convenient, UPnP can also leave networks vulnerable to cyberattacks and hacking.

This article contains :

    A key benefit of UPnP is compatibility. Usually, devices connecting to a network require manual port forwarding, but UPnP simplifies network connectivity. It uses standard networking protocols — like TCP/IP, HTTP, XML, and SOAP — so that almost any device can automatically connect.

    Common devices that use UPnP include smartphones, printers, smart TVs, routers, and game consoles.

    How does UPnP work?

    Most of the time, the way UPnP works is simple: you bring home a device, connect it to your local network, and it instantly connects to your other devices. But under the hood, the process is more complicated.

    Here’s how a device uses UPnP to connect to a network:

    1. Addressing: A new device joins a network and is assigned an IP address.

    2. Discovery: The device shares its IP and other identifying information with other devices on the network.

    3. Description: The device displays its unique services to the network.

    4. Control: Other network devices (clients) start interacting with the new device.

    5. Eventing: Clients start subscribing “event notifications” to the new device, informing it when its services are needed.

    6. Presentation: Sometimes a device can contain a URL that a client can access to get information or be used to change device settings.

    A lot of online troubleshooting begins with your IP address, so it’s helpful to know how to find your IP in case you need it. And no matter if you use a public or private IP address, learn how to hide your IP address to keep your device from being identified on unsafe public Wi-Fi networks.

    What is port forwarding?

    Port forwarding, also called port mapping, establishes connections over the internet between devices on a home or local network and those on other private or public networks. Port forwarding creates an association map between devices on a router’s local area network and its public, wide area network.

    UPnP automates the port forwarding process. It allows apps and other devices on your network to open and close ports so they can connect with remote devices.

    Although convenient and fast, UPnP and port forwarding can be dangerous. Both protocols allow potentially infected devices to skip security procedures and connect directly to a network, potentially creating huge vulnerabilities. Unlike port forwarding, UPnP network connections are automatic, so its security is arguably worse.

    What is UPnP used for?

    UPnP is used to conveniently connect different home devices — such as printers, gaming consoles, and smart home devices — in the same local network. As technology becomes more interconnected, the ability to quickly connect different apps and devices within the same network becomes more important.

    Here are some of the most common uses of UPnP:

    • Internet of Things (IoT) devices

      Whether in a smart home or at the office, IoT devices work best when interconnected with other devices nearby. UPnP unites all these devices without any hassle. But with the convenience of synced IoT devices, comes a variety of new risks — it’s now more crucial than ever to protect your IoT devices.

    • Streaming Video
      Internet TV devices like Apple TV and Roku sticks have helped video streaming cut into the cable TV market. UPnP helps these new bits of technology connect to your TV or monitors with ease.

    • Gaming
      Game consoles like Nintendo Switch need network access for online gaming. UPnP quickly links your console to your network so you can start playing immediately. For optimal gaming, performance and security are also crucial. Before your next session, learn how to boost your gaming rig and discover if you should use a VPN for gaming.

    UPnP helps network devices connect to each other for easy discovery and quick communication.UPnP helps network devices connect to each other for easy discovery and quick communication.

    Is UPnP safe?

    UPnP is generally safe as long as your router is updated and secure. If not, UPnP poses serious security risks, since it’s built into many new devices — even unverified ones connected to your network. If a device is infected with malware, it could bypass security restrictions and infect other devices on your network.

    So, should you enable UPnP or not?

    Although potentially dangerous, the convenience of UPnP usually far outweighs the risk. Take steps to verify the safety of devices you introduce to your network. And if your network is infected, remove router viruses or other malware immediately.

    How can cyber hackers exploit UPnP?

    Usually, routers can secure your network from external threats, especially when coupled with a strong firewall. But, UPnP can poke holes in security barriers, letting hackers exploit vulnerabilities in the network.

    Here’s how hackers can exploit UPnP:

    1. Usually hackers begin an attack by secretly infecting a device with malware — often via a phishing scam.

    2. Through UPnP, the infected device is introduced to a network, giving hackers secret access to the network.

    3. Hackers have ample time to do their damage, because this “backdoor” access can go unnoticed for a long time.

    Once a hacker access a network, they can:

    • Steal sensitive data or sell it to data brokers.

    • Encrypt data and hold it for ransom.

    • Take over a victim’s system to launch a DDoS attack.

    • Breach a victim’s website.

    UPnP vulnerability can lead to a variety of damaging security risks. But, with AVG AntiVirus FREE you can protect yourself from the wide array of threats out there. Its six powerful layers of malware protection can help keep your devices and network safe — stopping hackers in their tracks. Install AVG AntiVirus today and fortify your network connection the easy way.

    Examples of UPnP cyberattacks

    Because UPnP skips the usual security protocols, there are many opportunities for hacking. Since its invention in 1999, the list of UPnP security concerns has continued to grow. Throughout the years, the most dangerous hackers have carried out many high-profile UPnP cyberattacks.

    Here’s a look at some of the most famous UPnP cyberattacks:

    Flash UPnP

    First seen in 2008, the Flash UPnP attack is activated by clicking on a Flash applet on a website. A malicious file then starts a silent attack in the background of the targeted device. The victim’s router forwards its ports, giving unrestricted access to the network.

    Mirai Botnet

    In 2016, a group of hackers carried out a DDoS attack through UPnP. Using a botnet, they disabled a wide range of IoT devices — mainly security cameras — and caused a massive regional internet outage along the east coast of the US.


    Also known as QBot, QuackBot, and QakBot, this trojan attack is still active today. Most commonly used for banking attacks, Pinkslipbot exploits UPnP to infect victims, and it masks its activity to operate undetected. It installs keyloggers to steal passwords and sensitive data, and can also monitor activity and deploy ransomware.

    You can use proxy servers or VPNs to help avoid it, but sometimes you can’t stop identity theft. If you’re targeted, report identity theft immediately to avoid further damage and stop the culprits from targeting others.

    How to Enable or Disable UPnP

    Although UPnP is convenient, for some people the risks outweigh the benefits. In 2001, the FBI recommended disabling UPnP due to the constant threat posed to networks. If you decide to enable or disable UPnP, you need to do so through your router.

    Here’s how to disable UPnP on your router:

    1. Enter your router’s IP address in your browser’s address bar.

    2. In the router settings, go to the Advanced section. Then click NAT Forwarding.

    3. Select Disable UPnP.

    To enable or disable UPnP on your router, go to your Advanced router settings.

    Note: This process may vary according to your router. For specific instructions, check the support documentation for your specific router brand and type.

    If you’re getting the “UPnP not successful” error message on Xbox or other gaming console, first try to enable UPnP using the router settings process above. If UPnP connection is still unsuccessful, refer to your gaming console’s instructions to troubleshoot.

    And, if you prefer to keep UPnP enabled, you should boost your security, too. A firewall is essential for keeping hackers out of your network, but UPnP hacks can often get around this security measure. Both a DNS proxy server or VPN can hide your location for added security. But ultimately, the security and privacy benefits of a VPN make it the better tool for your cybersecurity arsenal.

    Keep your network safe with AVG AntiVirus

    Whether you use UPnP or not — your network is always at risk from cyber threats. Keep all your network devices protected with AVG AntiVirus FREE. With real-time threat monitoring, a powerful firewall, and built-in phishing protection, you can be sure your devices remain safe and secure.

    You don’t need to choose between safety and convenience. Install AVG today and stop worrying about the potential risks of using UPnP.

    Get ironclad security for your iPhone with AVG Mobile Security

    Free install

    Get ironclad mobile cybersecurity with AVG AntiVirus

    Free install
    Security Tips
    Deepan Ghimiray