HACKERS GAIN ACCESS TO UBIQUITI WI-FI CLOUD PLATFORM. OPERATORS WHO USE UBIQUITI NEED TO TAKE ACTION
Many coworks and shared workspaces use Ubiquiti Wi-Fi access points. Some also use their network switches and cameras. Their guest Wi-Fi system is popular with smaller coworks. Operators use Ubiquiti because it is cloud based, easily deployed, multi-location and especially affordable.
Unfortunately, once an intruder gets inside a cloud system the potential damage is enormous. In this case there is a whistleblower claim that hackers gained super admin level some months ago, that is, access to the whole platform. Ubiquiti acknowledge that a ransom attempt was made, which reports claim was Bitcoin in excess of $2million value in return for silence about the hack.
Having your core technology hacked is a concern. Perhaps even more of a concern is the suggestion that Ubiquiti have been less than forthcoming in their response, downplaying the significance. The Ubiquiti statement is certainly hard to find (headlined “account notification“) and the impression is that the company wishes to minimize the event.
In summary, there are two risks for operators: a potential and recent loss of customer personal data, and the future risk of bad actors taking over your hardware. One is a legal and data privacy issue, the other is the risk of deliberate interruption to your business operation. And there’s an intangible risk: how will potential customers regard an operator’s use of this vendor.
Get the background
To assess the claims and the risk, read the ‘whistle-blower’ bulletin from Krebs Security. Addition background at ArsTechnica and The Verge. You can find some background colour of variable value on YouTube as well.
Ubiquiti provide cloud managed Wi-Fi access points under the brand Unifi, as well as network switches, door access, security cameras, fixed wireless access, and phones. Wi-Fi products are here.
- Do you use Ubiquiti Unifi products? Do you know if you use Ubiquiti?
There are ways to search your network if you don’t know. Hardware is not always obvious or marked.
You should have an asset register. TFI has forthcoming publication on how to maintain asset databases.
- [UK and EU] Do you have a Data Protection Officer (DPO)? If you use Ubiquiti, this officer should be informed and plan a response. In the UK, the Information Commissioners Office defines the role and your responsibilities under GDPR. EU will be similar.
- Did you source Ubiquiti through a reseller? Have they already contacted you with a mitigation plan?
If your reseller has NOT contacted you, then you may want to have a conversation about your expectations with them. Do you need help with supplier management?
- Take Action to secure your systems. The expectation is that users of Ubiquiti systems should have changed passwords and instituted2FA (2 Factor Authentication) sometime after mid Jan 2021. Have you?
- Is there a need to communicate with your customers? That will depend on what products you have deployed.
If you need assistance or more information, please contact us via Twitter, LinkedIn or the contact form here.
We will follow up this story in a few weeks.