Universal Plug and Play (UPnP) is one of the most widely deployed protocols, being part of just about every embedded system nowadays: routers, smart TVs, printers, projectors, gaming consoles, NAS and many more. By design, UPnP is intended as a hands-off approach to autoconfiguration. It allows operating systems to communicate with supported devices, detect their abilities and interfaces, and read as well as modify settings or execute functions. The lack of security, combined with a plethora of different features implemented by thousands of vendors, makes for a rich attack surface. While mostly aimed at home networks, many UPnP-enabled devices have made it into office networks and provide their services on the internal network, sometimes even on the Internet, without anyone being aware.
Martin Zeiser has been into IT security for more than 20 years. Before and during his CS studies he developed software and wrote papers on topics ranging from in-depth TCP/IP to cryptography, covering various protocols, systems and attack surfaces, including exploits against server software or remotely decrypting NTLM passwords. He joined Cisco in 2007 and became one of the first members of the Talos organization.