An Overview of UPnP-based IoT Security: Threats, Vulnerabilities, and Prospective Solutions

TL;DR

This paper reviews security vulnerabilities in UPnP-based IoT systems, analyzes potential attack vectors, and proposes solutions to enhance security in these widely used protocols.

Contribution

It provides a comprehensive analysis of UPnP security issues in IoT and suggests prospective solutions to mitigate associated threats.

Findings

Identification of key UPnP vulnerabilities in IoT

Analysis of attack opportunities exploiting these vulnerabilities

Proposed security measures to protect UPnP-based IoT systems

Abstract

Advances in the development and increased availability of smart devices ranging from small sensors to complex cloud infrastructures as well as various networking technologies and communication protocols have supported the rapid expansion of Internet of Things deployments. The Universal Plug and Play (UPnP) protocol has been widely accepted and used in the IoT domain to support interactions among heterogeneous IoT devices, in part due to zero configuration implementation which makes it feasible for use in large-scale networks. The popularity and ubiquity of UPnP to support IoT systems necessitate an exploration of security risks associated with the use of the protocol for IoT deployments. In this work, we analyze security vulnerabilities of UPnP-based IoT systems and identify attack opportunities by the adversaries leveraging the vulnerabilities. Finally, we propose prospective solutions to secure UPnP-based IoT systems from adversarial operations.