Internet, Networking, & Security Home Networking What Is Universal Plug And Play (UPnP)? UPnP allows networked devices to connect—but not without some risks. by Stanley Goodner Writer Stanley Goodner is a former Lifewire writer who writes about audio equipment, music management, computer hardware, and other consumer technologies. our editorial process Stanley Goodner Updated on February 03, 2020 Universal Plug and Play (UPnP) automates the steps required to allow devices to communicate with each other over a network. Yagi Studio / Getty Images Home Networking Installing & Upgrading The Wireless Connection Routers & Firewalls Network Hubs ISP Broadband Ethernet Wi-Fi & Wireless Tweet Share Email Universal Plug and Play (UPnP) is a set of protocols and technologies that allows devices to automatically discover and connect to each other. Not to be confused with Plug and Play (PnP), UPnP is considered an extension of Plug and Play. When it works correctly, it automates all of the complex steps required for devices to communicate with each other, be it directly or over a network. How Does Universal Plug and Play Work? Universal Plug and Play uses standard networking protocols (e.g. TCP/IP, HTTP, DHCP) to support zero-configuration networking. This means that when a device joins or creates a network, Universal Plug and Play automatically: Assigns an IP address to the device and announces its presence to the network.Describes the device’s capabilities (e.g. printer, scanner) and availability to the network.Shares the names and capabilities of all other devices currently on the network.Sets control points so that actions can be requested of services (e.g. starting or canceling a print job).Updates the state of the device’s services.Provides an HTML-based user interface to control or view the device’s status. Universal Plug and Play technology can accommodate wired (Ethernet, Firewire) or wireless (WiFi, Bluetooth) connections without requiring any additional drivers. The use of common network protocols allows any UPnP-compatible device to participate, regardless of operating system, programming language, device type, or manufacturer. Universal Plug and Play also has an audio/video extension (UPnP AV), commonly incorporated in modern media players, smart televisions, CD/DVD/Blu-ray players, computers, and mobile devices. Similar to the DLNA standard, UPnP AV supports a wide variety of digital audio/video formats and is designed to facilitate content streaming between devices. UPnP AV typically does not require the Universal Plug and Play setting to be enabled on routers. Uses Cases for Universal Plug and Play One common use case is the network-attached printer. Without Universal Plug and Play, a user would have to go through the process of connecting and installing the printer on a computer. Then they would have to manually configure that printer in order to make it accessible on the local network. Lastly, they would have to go to each other computer on the network and connect to that printer, just so the printer can be recognized on the network by each computers. This can be time-consuming process, to say the least, especially if unexpected issues arise. With Universal Plug and Play, establishing communication between printers and other network devices is easy. All you have to do is plug a UPnP-compatible printer into an open ethernet port on the router, and Universal Plug and Play takes care of the rest. Other common UPnP use cases are: Sharing photos and streaming content with a media server.Streaming video using internet TV devices.Wireless home automation.Remote home surveillance. It’s expected that manufacturers will continue to make produces that leverage Universal Plug and Play. The trend has steadily expanded to encompass smart home products, including: Digital assistants (e.g. Amazon Echo).Smart lighting systems.Internet-controlled thermostats.Smart locks for doors. Security Risks for Universal Plug and Play Despite all the benefits of Universal Plug and Play, the technology still carries some security risks. The issue is that Universal Plug and Play does not authenticate; it merely assumes every device on a network is trusted and friendly. This means that if a computer has been compromised by malware or a hacker exploiting some security flaw—or any backdoor that can bypass protective network firewalls—everything else on the network becomes vulnerable. However, this problem has less to do with Universal Plug and Play and more to do with improper implementation. Many routers, particularly older-generation models, are vulnerable; they lack the proper security checks to determine if program requests are good or bad. If your router supports Universal Plug and Play, there will be an option in the settings to turn the feature off. While it will take some time and effort, one can re-enable control of devices on the same network through manual configuration and port forwarding.