Last week security researcher HD Moore unveiled his latest paper "Unplug. Don't Play," which looked into vulnerabilities in popular Universal Plug and Play (UPnP) implementations. Read More ..
What is UPnP? Paul Ducklin explained the principles and the reason behind it in his recent article about insecurity in video cameras, but the simple version is this: in my opinion, UPnP is one of the worst ideas ever.
Let's put it this way: UPnP is a protocol designed to automatically configure networking equipment without user intervention.
Sounds good, right? Until you think about it. UPnP allows things like XBoxes to tell your firewall to punch a hole through so you can play games.
UPnP also allows malware to punch holes in your firewall making access for criminals far easier.
Generally speaking it is a bad idea to implement something that can disable security features without authentication or the knowledge of the person controlling the device.