/home

In May 2006 I presented a paper called "Universal Plug and Play: Dead simple or simply deadly" at the SANE 2006 conference in Delft, The Netherlands (awarded with the best paper award), where I discussed a lot of security problems with the Universal Plug and Play protocol and quite a few UPnP implementations.

In the  years following my presentation very little has changed. A lot of routers are still shipped with grave security bugs, including involuntary onion routing, remote root exploits and complete remote control over firewalls. New exploits are popping up, where bugs in Universal Plug and Play are exploited using a buggy Flash plugin in a web browser, turning a mostly local attack into something a lot more dangerous. And that is just the beginning.

Disclaimer

This site is not a cracking site, but meant as a platform to tell about my research of security risks that exist in UPnP implementations that are running on millions of devices, that many people have as a central hub in their network and completely trust and to increase awareness about these risks, so the devices will get fixed and we will have a slightly safer Internet.

News

22 Jan 2011: [General] Time flies, but also stands still

I can't believe it has been a bit more than five years that I spent furiously writing my paper for the SANE 2006 conference during the Christmas holidays in 2005. Yet many things still seem to b... (read more)

18 Oct 2009: [Site updates] Site updates...or lack thereof

As people who have been visiting this site might have noticed: not much has changed since March. I have not had too much free time since then to work on this, but I hope that towards the end of ... (read more)

5 Mar 2009: [General] UPnP eventing research

The research report by Joeri Blokhuis about hacking UPnP eventing on two devices was published (PDF).

(read more)

4 Mar 2009: [IGD hacking] Conficker and UPnP

It appears that the Conficker worm uses UPnP to open ports in firewalls. I'm wondering if they have worked around all the quirks in the stacks ;-)

(read more)

3 Feb 2009: [General] ELCE talk online (video)

A video of my UPnP talk at ELCE 2008 about abusing UPnP has been posted online at the Free Electrons website.

(read more)

28 Jan 2009: [General] Wrapping up 'hacking eventing' project

Joeri Blokhuis, a student at OS3, is currently wrapping up his research about hacking the eventing system in a few UPnP devices. Although no shocking things have... (read more)

4 Jan 2009: [General] Project: hacking eventing

Starting tomorrow Joeri Blokhuis, a student at OS3 will start looking into possible vulnerabilities in the eventing system of various UPnP stacks.

(read more)

3 Jan 2009: [Site updates] Frequently Asked Questions page added

The holiday season gave me some time to finally write a proper FAQ page. You can find the link in the menu.

(read more)

29 Dec 2008: [Site updates] Code release soon

I'm currently documenting and cleaning up some of the Python code I use for performing checks. As soon as I am done I will release it (hopefully in early January).

(read more)

23 Nov 2008: [Rants] Why routers will be next

Everybody is always giving Microsoft a hard time regarding security. Especially many Linux die-hard fans are convinced that everything Microsoft does is bad and Linux is safer, just because it i... (read more)

16 Nov 2008: [Site updates] Embedded Linux Conference Europe 2008 slides online

I've put the slides of my talk at the Embedded Linux Conference Europe online. You can find them in the 'Downloads' section.

(read more)

9 Oct 2008: [A/V hacking] Trying to hack TVs - report

Recently I went to NXP (formerly Philips Semiconductors) to sit down with Jan Brands, one of their security researchers. He had scavenged the NXP offices for UPnP enabled devices, mostly TVs fro... (read more)

© 2006-2011, Armijn Hemel/upnp-hacks.org