OP 18 August, 2024 - 10:06 PM
(This post was last modified: 18 August, 2024 - 10:47 PM by DragonCave.)
Researchers have uncovered a critical vulnerability affecting over 20,000 Ubiquiti devices connected to the internet, exposing sensitive personal data of their owners. Despite patches being released, the issue remains unresolved, posing significant risks to users.
Check Point Research identified the vulnerability in popular Ubiquiti G4 Instant Wi-Fi cameras and Cloud Key+ devices. The problem stems from two privileged processes that have become accessible via the network interface, specifically through unprotected ports 10001 and 7004, which operate using UDP (User Datagram Protocol), a key communication protocol.
The severity of the issue is highlighted by hacked devices displaying alarming messages like "HACKED-ROUTER-HELP-SOS-DEFAULT-PASSWORD," indicating that attackers have successfully exploited the vulnerability, often leaving default passwords in place.
The researchers discovered that these vulnerable devices leak a range of information, including platform names, software versions, and configured IP addresses. This data can be a goldmine for attackers, particularly those using social engineering tactics.
What makes this situation even more concerning is that this vulnerability isn't new. It was first exploited in 2019 to carry out denial-of-service (DoS) attacks on Ubiquiti devices. Back then, Rapid7 experts identified nearly half a million vulnerable devices. Despite the release of patches, the problem persists.
In an experiment conducted by Check Point Research, fake packets were sent to detect devices on their test network. Alarmingly, both the G4 camera and CK+ device responded to these packets, confirming the vulnerability. A broader scan revealed that more than 20,000 devices on the internet, likely not updated, also responded to these fake requests.
By decoding the hostnames of these devices, researchers could access detailed information about the owners, including full names, company names, and addresses. Other vulnerable models identified included the NanoStation Loco M2 and AirGrid M5 HP.
Despite Ubiquiti's previous efforts to address the issue, stating that devices with the latest firmware should only respond to internal IP addresses, the vulnerability remains a serious threat. Check Point experts emphasize that even minor oversights can leave devices exposed to attacks for years.
The slow adoption of fixes for IoT devices, coupled with the fact that many users never update their systems, underscores the importance of designing IoT devices with security as a priority. Building in mechanisms to protect against exploits and malware from the outset is crucial.
Device owners are urged to verify that their cameras and other gadgets are running the latest firmware to safeguard against potential attacks.
This is a bump
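A defender-side check for the exposure the post describes, as an added example that is not part of the original post or of Check Point's research: it audits perimeter flow records for devices that are reachable on, or reply from, UDP ports 10001 and 7004 to addresses outside the internal network. The flow-record layout, the sample records and the RFC 1918 definition of "internal" are assumptions made for illustration.

```python
import csv
import io
import ipaddress

# UDP ports named in the post as reachable on affected devices.
WATCHED_PORTS = {10001, 7004}
# Assumption: "internal" means RFC 1918 space; adjust to your own address plan.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample flow records: src_ip,src_port,dst_ip,dst_port,proto
SAMPLE_FLOWS = """\
203.0.113.50,40000,192.168.1.20,10001,udp
192.168.1.20,10001,203.0.113.50,40000,udp
192.168.1.30,51000,192.168.1.21,10001,udp
192.168.1.21,10001,192.168.1.30,51000,udp
198.51.100.7,40001,192.168.1.22,7004,udp
192.168.1.20,443,203.0.113.50,40002,tcp
"""

def is_internal(addr):
    """True if addr falls inside one of the configured internal networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def audit_flows(text):
    """Map device IP -> 'reachable' (an outside packet arrived on a watched
    port) or 'answered-external' (the device replied from a watched port to
    an outside address, which patched firmware is not supposed to do)."""
    findings = {}
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 5 or row[4].lower() != "udp":
            continue  # skip malformed rows and non-UDP traffic
        src, sport, dst, dport = row[0], int(row[1]), row[2], int(row[3])
        if not is_internal(src) and is_internal(dst) and dport in WATCHED_PORTS:
            findings.setdefault(dst, "reachable")
        elif is_internal(src) and not is_internal(dst) and sport in WATCHED_PORTS:
            findings[src] = "answered-external"  # stronger finding wins
    return findings

if __name__ == "__main__":
    for device, status in sorted(audit_flows(SAMPLE_FLOWS).items()):
        print(device, status)
```

A device listed as answered-external needs both a firmware update and a perimeter rule dropping inbound UDP 10001 and 7004; one listed only as reachable still indicates a missing firewall rule.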