Device Host Security Considerations

Using the device host creates security issues because of the following:

  • Devices hosted on a computer running Windows XP send SSDP announcements on all networks to which the computer is attached.
  • Devices hosted on a computer running Windows XP accept control requests from all of those networks.

This increases the risk to home consumers, because devices such as a media player or a bridged lighting or HVAC system hosted on a computer running Windows XP are visible to, and can be controlled by, control points outside the home.

When you create a hosted device, take the following security considerations into account.

  • To reduce the scope of discovery and attack of UPnP-based devices, the TTL of all SSDP messages is 1. This means that a registered device is discovered only by control points on the same network segment, because routers do not forward the multicast announcements beyond the first hop. You can configure a higher TTL in the registry, but doing so widens the set of networks from which the device can be discovered and controlled.
  • Registering a non-running device requires pre-registering the device .dll with COM, which requires administrator privilege.
  • Registering a running device requires Administrator, Local Service, or Local System privilege.
  • When the device host is started, it runs as LocalService. This gives the device the ability to generate audits and read the HKEY_LOCAL_MACHINE registry key. The device does have access to HKEY_CURRENT_USER, but for a LocalService process that key resolves to the LocalService account's own hive, not to the hive of the logged-on user. The LocalService account can use resources to which LocalService has been granted access explicitly, as well as those that grant access to the Authenticated Users group, of which LocalService is a member. The device has restricted file system access.
  • The file system ACLs on the resource directory (the directory that holds the device's description documents and other resources) must be updated to grant LocalService access; read access is sufficient for serving those files.
  • If your device must have more access than LocalService provides, you can create your own process for the device, run it under an account with the required access, and register it by using IUPnPRegistrar::RegisterRunningDevice. That process then carries both the extra privilege and the network exposure, so keep its account as restricted as the device allows.
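The following PowerShell script is an added example, not code from the original page or from the UPnP Device Host SDK. It grants the LocalService account read-only access to a device resource directory, verifies the resulting ACL by well-known SID (S-1-5-19) rather than by display name, warns if the directory also grants LocalService write access, and confirms that the device host service runs as LocalService. The directory path C:\UPnPDevices\MyDevice is an assumption for illustration; the service name upnphost is the name under which the UPnP Device Host service is normally registered.

```powershell
# Added example: prepare and check the resource directory for a hosted UPnP device.
# The path is a hypothetical placeholder; substitute your own resource directory.
param(
    [string]$ResourceDir = 'C:\UPnPDevices\MyDevice'
)

# Well-known SID of NT AUTHORITY\LOCAL SERVICE, the account the device host runs under.
$LocalServiceSid = 'S-1-5-19'

function Grant-LocalServiceRead {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path -PathType Container)) {
        throw "Resource directory not found: $Path"
    }
    $acl = Get-Acl -LiteralPath $Path
    # ReadAndExecute only: the device host serves description documents and icons
    # from this directory, it does not need to write into it. The ACE inherits to
    # files and subdirectories so newly added resources are covered too.
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        'NT AUTHORITY\LOCAL SERVICE', 'ReadAndExecute',
        'ContainerInherit, ObjectInherit', 'None', 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -LiteralPath $Path -AclObject $acl
}

function Test-LocalServiceAccess {
    param([string]$Path)
    $acl = Get-Acl -LiteralPath $Path
    # Compare by SID so the check does not depend on the localized account name.
    $aces = @($acl.Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $_.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value -eq $LocalServiceSid
    })
    $writeMask = [int][System.Security.AccessControl.FileSystemRights]::Write
    foreach ($ace in $aces) {
        if ((([int]$ace.FileSystemRights) -band $writeMask) -ne 0) {
            Write-Warning "LocalService has write access to $Path; ReadAndExecute is enough for serving resources."
        }
    }
    return ($aces.Count -gt 0)
}

function Test-DeviceHostAccount {
    # The device host is expected to run as LocalService; anything else means the
    # service configuration has been changed and the assumptions above no longer hold.
    $svc = Get-CimInstance Win32_Service -Filter "Name='upnphost'"
    if ($null -eq $svc) {
        Write-Warning 'UPnP Device Host service (upnphost) is not installed.'
        return $false
    }
    return ($svc.StartName -ieq 'NT AUTHORITY\LocalService')
}

Grant-LocalServiceRead -Path $ResourceDir
if (-not (Test-LocalServiceAccess -Path $ResourceDir)) {
    throw "LocalService still has no Allow ACE on $ResourceDir"
}
if (-not (Test-DeviceHostAccount)) {
    Write-Warning 'Device host is not running as LocalService; review the service account before hosting devices.'
}
```

Run the script from an elevated PowerShell session, since changing the ACL on the resource directory and reading the service configuration both require administrator rights. Granting ReadAndExecute rather than Modify keeps a compromised device host from altering the description documents it serves to control points.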