What is UPnP and how does it work?

UPnP facilitates the networking of network or multifunction devices such as computers, smartphones, hard drives, or smart TVs. However, if you activate UPnP in a network, you should also be aware of the risks.

Plug and play everywhere - that’s the best description of Universal Plug and Play we can think of, abbreviated as UPnP. Anyone who uses devices with an assigned IP at home can connect them with UPnP regardless of the manufacturer, retrieve media from a UPnP server effortlessly, and access files across devices. UPnP was originally developed as a bundle of protocols by Microsoft and has been under development by the Open Connectivity Foundation (OCF) since 2016. The standard includes multicast addresses and protocols such as IP, UDP, HTTP, XML, TCP, and SOAP.

The way UPnP works is simple. The activated UPnP standard makes it possible to automatically identify network-compatible devices with their own IP address via control software and to access them from other devices. The control software is either pre-installed in the network device or downloaded afterwards. You no longer need to actively connect to devices thanks to UPnP, as they offer their services directly and grant access to files. This applies to music and videos on a PC that you access via a cell phone or movies on a computer that you stream via the smart TV.

The sequence and structure of UPnP requests usually looks like this:

1. Addressing: In an IP network, network-enabled devices usually receive their IP address via the router and can be found and used in the UPnP network.
2. Discovery: The UPnP device uses the SSDP (Simple Service Discovery Protocol) to identify itself to other devices and control points in the network and is localized via UDP (User Datagram Protocol).
3. Description: The control point retrieves device descriptions via the HTTP protocol as an XML file containing details of manufacturer, serial number, driver information, and presentation, control, and event URLs.
4. Control: Cross-device communication takes place via the SOAP protocol, which is used to send messages to the device URLs to enable remote control.
5. Event Control: To avoid always having to actively query the status of services and other devices, UPnP devices use subscribed event messages by means of GENA (General Event Notification Architecture).
6. Presentation: The presentation URLs (contained in the description XML file of a device) can be used to access other devices from the web browser as an alternative to UPnP.

A defining feature of UPnP is that each associated device must have an IP address and control software. In addition, a device in the network can only offer access to data if it acts as a UPnP server with an active UPnP function or software. The control software enables cross-device UPnP communication and data transfer via TCP, HTTP, or DLNA protocols. Since not every device has pre-installed control software, it may be necessary to install appropriate apps on the smartphone that can access UPnP servers and load media from a PC or network hard drive.

To set up a Windows computer as a UPnP server, it is also necessary to install control software such as Universal Media Server. Meanwhile, Windows Media Player also has the function to make the computer a UPnP server. As a UPnP server, the device enables access to files from the PC from other end devices, e.g. via the VLC Media Player on smartphones or certain smart TVs. UPnP also ensures that associated USB devices and hard drives are automatically detected when you plug them into a device.

It takes only a few steps to enable UPnP in Windows and make files available externally. To do this, enter the search term “Media streaming options” in the Windows search, open the search result and then click “Enable media streaming”. You may still need to confirm the process as an administrator. If special software such as the Universal Media Server is already installed, the UPnP function is automatically taken over by the control software.

The UPnP function is disabled on Windows by default for a reason. The free and device-independent access to files from a UPnP server also poses dangers. These include:

• DSL routers with the UPnP function enabled allow instant messengers and file-sharing apps to forward files to the local network without authentication.
• Port sharing by UPnP devices may allow devices to be accessed from the Internet.
• Ports that are open to the outside world are quickly exploited by malware or botnets for DDoS attacks.

It is generally advised to disable the UPnP function, especially on routers, and to ensure that port sharing via UPnP is not possible.

Various media players, including UPnP players, make it possible to access playable media such as music, videos or even pictures from smartphones, tablets, or laptops. However, to access the files of another device, it must already function as a UPnP server. Among the best-known UPnP-enabled media players, which are available as apps for smartphones, desktops, or smart TVs, is the VLC Media Player. Other UPnP media players are:

• Plex (Windows, macOS, Linux)
• MusPnP (Windows, macOS, Linux)
• MediaMonkey (Windows, Android)
• Kodi (Windows, macOS, Linux, Android, iOS)
• Banshee (Windows, macOS, Linux)

To turn a device into a UPnP server, programs such as Universal Media Server or Wild Media Server are suitable. Windows systems from Windows Media Player 11 onwards have a built-in UPnP server function.