Ubiquiti has been h4x0r3d

Discussion in 'Site Announcements' started by sec_monkey, Jan 13, 2021.


  1. sec_monkey

    sec_monkey SM Security Administrator

  2. ghrit

    ghrit Bad company Administrator Founding Member

  3. Tempstar

    Tempstar Monkey+++

    Mikrotik all the way....
     
  4. sec_monkey

    sec_monkey SM Security Administrator

    russian and other hax0rz have compromised both repeatedly
     
  5. Dont

    Dont Just another old gray Jarhead Monkey

    I don't have them, I think. or??? Some things can sneak in on ya.
     
  6. RouteClearance

    RouteClearance Monkey+++

    Even though I have Cloud with my Apple and .edu account, I never have used it.
    My digital redundancy lies in three 12tb external hdd’s. One stored inside my home, second stored in my unattached workshop, and the third at a burial cache at my BOL. I back up any digital files once a month, important files right away. All three hdd’s are stored in Pelican cases.
     
    Altoidfishfins likes this.
  7. 3M-TA3

    3M-TA3 Cold Wet Monkey

    Not all Ubiquiti networking products are impacted. Unifi, which is their commercial best seller, is definitely impacted. It's designed to be "plug and play" so everything depends on discovery protocols and cloud based management. I wouldn't touch it with a ten foot pole. This incident was inevitable and it won't be the last time.

    I'm using Ubiquiti Edge products and don't use any of their cloud based bullhockie so am not impacted. There is a semi Unifi like management tool, but it can be run as an internal application. I don't use it and frankly want to get to the point where I'm using the CLI instead of the GUI, so I'm going the opposite direction. Guess I'm more of a stick shift kind of guy. Still learnin...

    UniFi = black box believe button products therefore promiscuous due to network discovery protocols. Designed to make semi competent techs look good because of a slick GUI. Not as flexible or as configurable as Edge.

    Edge = traditional fully managed and configurable. Does not need network discovery protocols because the people who use these products already know what they have. Requires actual planning and engineering.
     
    Brokor likes this.
  8. BTPost

    BTPost Stumpy Old Fart,Deadman Walking, Snow Monkey Moderator

    I use the Edge Products as well... Great Hardware...
     
  9. Altoidfishfins

    Altoidfishfins Monkey+++ Site Supporter+

    Just got a VPN, my first experience with one.
    Bit of a chore setting it up on Linux but it's done now on both desktop and dual-boot laptop.

    IMHO, anyone who trusts any "cloud" with critical information is unaware and naive. That's good for your doggie pictures maybe.

    Good point @RouteClearance about keeping a third HDD backup at the BOL. I currently have one on my Linux Hard Drive, a copy on an external Hard Drive.

    Figured if things get hairy and I have to bug out I can simply unplug the external hard drive and pack it up.

    Question is, will I remember to do that? You just found a hole in my bugout plan RC, thanks!
     
    Last edited: Jan 15, 2021
    Brokor likes this.
  10. 3M-TA3

    3M-TA3 Cold Wet Monkey

    Update: According to unnamed sources Ubiquiti breach much worse than previously disclosed

    Short version: Cloud bad. Monkey no use cloud. Monkey double no use cloud for security.

    Whistleblower: Ubiquiti Breach “Catastrophic” – Krebs on Security
    March 30, 2021


    On Jan. 11, Ubiquiti Inc. [NYSE:UI] — a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders and security cameras — disclosed that a breach involving a third-party cloud provider had exposed customer account credentials. Now a source who participated in the response to that breach alleges Ubiquiti massively downplayed a “catastrophic” incident to minimize the hit to its stock price, and that the third-party cloud provider claim was a fabrication.


    A security professional at Ubiquiti who helped the company respond to the two-month breach beginning in December 2020 contacted KrebsOnSecurity after raising his concerns with both Ubiquiti’s whistleblower hotline and with European data protection authorities. The source — we’ll call him Adam — spoke on condition of anonymity for fear of retribution by Ubiquiti.

    “It was catastrophically worse than reported, and legal silenced and overruled efforts to decisively protect customers,” Adam wrote in a letter to the European Data Protection Supervisor. “The breach was massive, customer data was at risk, access to customers’ devices deployed in corporations and homes around the world was at risk.”

    Ubiquiti has not responded to repeated requests for comment.

    Update, Mar. 31, 6:58 p.m. ET: In a post to its user forum, Ubiquiti said its security experts identified “no evidence that customer information was accessed, or even targeted.” Ubiquiti can say this, says Adam, because it failed to keep records of which accounts were accessing that data. We’ll hear more about this from Adam in a bit.

    Original story:

    According to Adam, the hackers obtained full read/write access to Ubiquiti databases at Amazon Web Services (AWS), which was the alleged “third party” involved in the breach. Ubiquiti’s breach disclosure, he wrote, was “downplayed and purposefully written to imply that a 3rd party cloud vendor was at risk and that Ubiquiti was merely a casualty of that, instead of the target of the attack.”

    In its Jan. 11 public notice, Ubiquiti said it became aware of “unauthorized access to certain of our information technology systems hosted by a third party cloud provider,” although it declined to name the third party.


    In reality, Adam said, the attackers had gained administrative access to Ubiquiti’s servers at Amazon’s cloud service, which secures the underlying server hardware and software but requires the cloud tenant (client) to secure access to any data stored there.

    “They were able to get cryptographic secrets for single sign-on cookies and remote access, full source code control contents, and signing keys exfiltration,” Adam said.

    Adam says the attacker(s) had access to privileged credentials that were previously stored in the LastPass account of a Ubiquiti IT employee, and gained root administrator access to all Ubiquiti AWS accounts, including all S3 data buckets, all application logs, all databases, all user database credentials, and secrets required to forge single sign-on (SSO) cookies.

    Such access could have allowed the intruders to remotely authenticate to countless Ubiquiti cloud-based devices around the world. According to its website, Ubiquiti has shipped more than 85 million devices that play a key role in networking infrastructure in over 200 countries and territories worldwide.
     
    Brokor and sec_monkey like this.
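The quoted article says the intruders obtained "secrets required to forge single sign-on (SSO) cookies", which is why read access to a secrets store is enough to compromise every device that trusts those cookies. The Python below is an added illustration written for this thread, not Ubiquiti's code and not anything from the Krebs piece: it shows the common pattern of an HMAC-signed session cookie (the real UniFi cookie format is not known here and is not reproduced) and the containment step that follows a suspected signing-key theft, namely rotating the key so that every cookie issued under the old key is rejected. Function names, the claims layout and the sample user and timestamps are all constructed for the example.

```python
import base64
import binascii
import hashlib
import hmac
import json
import secrets


def _b64(data: bytes) -> str:
    """URL-safe base64 without padding, as commonly used in cookies."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_cookie(signing_key: bytes, user: str, issued_at: int, ttl: int = 3600) -> str:
    """Build `<payload>.<tag>` where tag = HMAC-SHA256(signing_key, payload).
    Anyone holding signing_key can produce a valid cookie for any user,
    which is exactly why exfiltration of the key is a full-account compromise."""
    claims = {"sub": user, "iat": issued_at, "exp": issued_at + ttl}
    payload = json.dumps(claims, separators=(",", ":")).encode()
    tag = hmac.new(signing_key, payload, hashlib.sha256).digest()
    return f"{_b64(payload)}.{_b64(tag)}"


def verify_cookie(signing_key: bytes, cookie: str, now: int):
    """Return the subject if the cookie is authentic and unexpired, else None.
    Constant-time comparison avoids leaking the tag byte by byte."""
    try:
        payload_b64, tag_b64 = cookie.split(".")
        payload = _unb64(payload_b64)
        tag = _unb64(tag_b64)
    except (ValueError, binascii.Error):
        return None
    expected = hmac.new(signing_key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    claims = json.loads(payload)
    if now >= claims["exp"]:
        return None
    return claims["sub"]


def rotate_key() -> bytes:
    """Generate a fresh 256-bit signing key (what incident response does once
    the old key is presumed stolen)."""
    return secrets.token_bytes(32)


def demo():
    # Constructed scenario: a cookie issued before the breach is still valid
    # under the old key, and becomes worthless the moment the key is rotated.
    old_key = rotate_key()
    cookie = issue_cookie(old_key, "alice", issued_at=1_000_000)
    before = verify_cookie(old_key, cookie, now=1_000_100)  # "alice"
    new_key = rotate_key()  # containment step after suspected key exfiltration
    after = verify_cookie(new_key, cookie, now=1_000_100)  # None
    return before, after


if __name__ == "__main__":
    print(demo())
```

The design point: once an attacker has the key, no amount of log review can tell a forged cookie from a legitimate one, because both carry a correct tag. Rotation is the only way to retire cookies minted with a stolen key, and it forces every session to re-authenticate, which is the price of containment. The article's other complaint, that access records for the data were never kept, is the separate gap that rotation does not fix.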
  11. 3M-TA3

    3M-TA3 Cold Wet Monkey

    As a follow-up I have been considering a Unifi UDM-Pro (router with some built in applications) because of a few interesting features like built in intrusion prevention and detection features and some hardware advances. For many users the UDM GUI, which allows control of all devices from a single interface, is easier to manage. The more robust Edge line is still being produced, but there is little interest by Ubiquiti in hardware enhancements or in adding more command line only features to the GUI such as VPN provider setup that are a wee bit clunky.

    Still researching and leaning against, but they have rectified the dependency on their web site to manage systems and thought I would report:
    • The ui.com login account is no longer needed on recent firmware versions. If you already have one or used it to do the initial setup it can be disabled or deleted. This is not the default, but it is now possible.
    • You no longer need to use any aspect of the UI cloud. Again, use of cloud resources is the default but can be disabled. One example of this is that system backups used to be stored on the UI cloud with no choice. You can now configure this and all other cloud features to use local resources.
     
    BTPost likes this.