Nasty Ubiquiti Networks Malware: 5 Quick Tips for CE Pros

Self-replicating malware is taking down Internet services around the world, exploiting a vulnerability in popular wireless routers, access points and other networking gear from Ubiquiti Networks.

A popular networking brand for home-technology integrators, Ubiquiti warned users of a flaw in its AirOS firmware last July and provided a patch at that time. But the patch was not universally applied.

Ubiquiti now has provided a new patch that further protects potentially vulnerable devices. A notice from the company reads:

This is an HTTP/HTTPS exploit that doesn't require authentication. Simply having a radio on outdated firmware and having it's [sic] http/https interface exposed to the Internet is enough to get infected.  We are also recommending restricting all access to management interfaces via firewall filtering.

Hagai Feiner, principal of the integrator-centric networking firm Access Networks, reached out to CE Pro about the latest network breaches, offering these basic tips for averting potentially disastrous effects from network vulnerabilities in the future.

1. Always patch your gear. 
2. Balance security with remote access to your hardware by preferably using VPN tunnels instead of port forwarding.
3. Choose hardware vendors and networking partners that you can rely on quick and consistent support.
4. Work with vendors that allow mass firmware updates so that if something bad does happen, you have a simple way to bring your clients up to current standards.
5. Always patch your gear.

Ars Technica notes that a quick way to determine if Ubiquiti products are affected is to log in to the device over SSH with the username “mother” and the password “f****r*”

If a shell window appears, the device has been compromised.

Feiner advises that the safest course is to save any device's configuration and then re-flash with the latest firmware.

Ubiquiti offers a removal tool, as well as instructions to re-flash manually. More details here.