If you’re using a Wi-Fi router, you may be at risk of a security hole that could allow attackers to access your personal data and even take control of your device. UPnP is a popular feature of routers, and it allows you to easily share files and printers between devices. But because UPnP can be used to connect devices that are not connected through the same Wi-Fi network, it can also be used to connect devices that are not even in the same country. This could allow attackers to access your data, or even take control of your device if they have gained access to your router’s UPnP settings. To protect yourself from this potential security issue, make sure that you disable UPnP on your router.
There’s some 81 million unique IP addresses that expose UPnP functionality from the internet, and more than 6900 different devices are potentially vulnerable, at least, to being hacked from the outside. This means, theoretically, that your router could end up being hacked to forward ports from the outside world, which leaves you open to more hacking.
The simple answer is to disable UPnP on your wireless router. Since each router is different, you’ll need to login to your wireless router’s admin panel (use the manual to figure that out), and then find the UPnP setting. If you’ve forgotten the password, check out our article on how to access your router even if you forgot the password.
Security Flaws in Universal Plug and Play: Unplug, Don’t Play [SecurityStreet | Rapid7]