Determining Home Users´ Vulnerability to Universal Plug and Play (UPnP) Attacks

Universal Plug and Play (UPnP) technology is used worldwide since it has simplified the installation and management of the devices. As a result, many devices are now equipped with UPnP capabilities. Unfortunately using UPnP in home routers puts routers at risk of abuse. For example, it is easier for hackers to discover the devices and use device vulnerabilities in order to make malicious attacks to cause financial or reputation damage to the users. In this paper, we have analyzed the UPnP protocol and its different vulnerabilities. Furthermore, we have emphasized how common the problem is with the home users´ devices. Hence, we suggest a tool to achieve transparency in the health of the Internet by detecting UPnP enabled devices which are likely to be attacked on home networks. The tool will look for UPnP based attacks when people´s routers have been compromised. The tool is easy to install and use for novice home users and maintains their privacy too. This project aims not only to implement a tool for a user to determine whether his/her system is vulnerable to a particular attack, but also to measure the prevalence of vulnerabilities at national or global level. Thus a larger framework is required to collect and manage the results from individual users.