Self-replicating malware is taking down Internet services around the world, exploiting a vulnerability in popular wireless routers, access points and other networking gear from Ubiquiti Networks.
A popular networking brand for home-technology integrators, Ubiquiti warned users of a flaw in its AirOS firmware last July and provided a patch at that time. But the patch was not universally applied.
Ubiquiti now has provided a new patch that further protects potentially vulnerable devices. A notice from the company reads:
This is an HTTP/HTTPS exploit that doesn't require authentication. Simply having a radio on outdated firmware and having it's [sic] http/https interface exposed to the Internet is enough to get infected. We are also recommending restricting all access to management interfaces via firewall filtering.
Hagai Feiner, principal of the integrator-centric networking firm Access Networks, reached out to CE Pro about the latest network breaches, offering these basic tips for averting potentially disastrous effects from network vulnerabilities in the future.
- Always patch your gear.
- Balance security with remote access to your hardware by preferably using VPN tunnels instead of port forwarding.
- Choose hardware vendors and networking partners that you can rely on for quick and consistent support.
- Work with vendors that allow mass firmware updates so that if something bad does happen, you have a simple way to bring your clients up to current standards.
- Always patch your gear.
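As an added example (not from Ubiquiti, Access Networks or the original article), the Python sketch below checks whether the management ports of devices you administer accept connections from where the script runs, which is the exposure condition the notice describes. Run it from a host outside the customer network; the inventory addresses are constructed placeholders, and including SSH alongside HTTP/HTTPS is an assumption.

```python
import socket
from concurrent.futures import ThreadPoolExecutor

# Management services to check: the HTTP/HTTPS web UI from the notice, plus SSH (assumption).
MGMT_PORTS = {80: "http", 443: "https", 22: "ssh"}

def probe(host, port, timeout=3.0, connect=socket.create_connection):
    """Classify one TCP port as 'open', 'closed' or 'filtered'."""
    try:
        conn = connect((host, port), timeout)
    except ConnectionRefusedError:
        return "closed"      # host answered with a reset: nothing is listening
    except (socket.timeout, TimeoutError):
        return "filtered"    # no answer: a firewall is dropping the traffic
    except OSError:
        return "filtered"    # unreachable host or network: not exposed from here
    conn.close()
    return "open"

def audit(hosts, ports=MGMT_PORTS, timeout=3.0, connect=socket.create_connection):
    """Return sorted (host, port, service) tuples for every reachable management port."""
    targets = [(h, p) for h in hosts for p in ports]
    with ThreadPoolExecutor(max_workers=16) as pool:
        states = pool.map(lambda t: probe(t[0], t[1], timeout, connect), targets)
        exposed = [(h, p, ports[p]) for (h, p), s in zip(targets, states) if s == "open"]
    return sorted(exposed)

if __name__ == "__main__":
    # Constructed inventory: documentation-range addresses standing in for the
    # public IPs of devices you manage. Replace with your own.
    inventory = ["192.0.2.10", "192.0.2.11"]
    for host, port, service in audit(inventory):
        print(f"EXPOSED {host}:{port} ({service}): filter at the firewall or move behind a VPN")
```

A "filtered" result is what firewall filtering should produce; an "open" result means the management interface is reachable from the vantage point and should be restricted.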
Ars Technica notes that a quick way to determine if Ubiquiti products are affected is to log in to the device over SSH with the username “mother” and the password “f****r*”.
If a shell window appears, the device has been compromised.
Feiner advises that the safest course is to save any device's configuration and then re-flash with the latest firmware.
Ubiquiti offers a removal tool, as well as instructions to re-flash manually.