Nasty Ubiquiti Networks Malware: 5 Quick Tips for CE Pros

Vulnerabilities in Ubiquiti routers and wireless access points are wreaking havoc at ISPs. Here are five important lessons for integrators to avert potential network disasters in the future.

 •

Self-replicating malware is taking down Internet services around the world, exploiting a vulnerability in popular wireless routers, access points and other networking gear from Ubiquiti Networks.

A popular networking brand for home-technology integrators, Ubiquiti warned users of a flaw in its AirOS firmware last July and provided a patch at that time. But the patch was not universally applied.

Ubiquiti now has provided a new patch that further protects potentially vulnerable devices. A notice from the company reads:

This is an HTTP/HTTPS exploit that doesn't require authentication. Simply having a radio on outdated firmware and having it's [sic] http/https interface exposed to the Internet is enough to get infected.  We are also recommending restricting all access to management interfaces via firewall filtering.

Hagai Feiner, principal of the integrator-centric networking firm Access Networks, reached out to CE Pro about the latest network breaches, offering these basic tips for averting potentially disastrous effects from network vulnerabilities in the future.

  1. Always patch your gear. 
  2. Balance security with remote access to your hardware by preferably using VPN tunnels instead of port forwarding.
  3. Choose hardware vendors and networking partners that you can rely on quick and consistent support.
  4. Work with vendors that allow mass firmware updates so that if something bad does happen, you have a simple way to bring your clients up to current standards.
  5. Always patch your gear.

Ars Technica notes that a quick way to determine if Ubiquiti products are affected is to log in to the device over SSH with the username “mother” and the password “f****r*”

If a shell window appears, the device has been compromised.

Feiner advises that the safest course is to save any device's configuration and then re-flash with the latest firmware.

Ubiquiti offers a removal tool, as well as instructions to re-flash manually. More details here.

About the Author

Julie Jacobson
Follow
Julie Jacobson:

Julie Jacobson is founding editor of CE Pro, the leading media brand for the home-technology channel. She has covered the smart-home industry since 1994, long before there was much of an Internet, let alone an Internet of things. Currently she studies, speaks, writes and rabble-rouses in the areas of home automation, security, networked A/V, wellness-related technology, biophilic design, and the business of home technology. Julie majored in Economics at the University of Michigan, spent a year abroad at Cambridge University, and earned an MBA from the University of Texas at Austin. She is a recipient of the annual CTA TechHome Leadership Award, and a CEDIA Fellows honoree. A washed-up Ultimate Frisbee player, Julie currently resides in San Antonio, Texas and sometimes St. Paul, Minn. Follow on Twitter: @juliejacobson

ARTICLE TOPICS:

NetworkingDevices/EquipmentNewsProducts

ARTICLE TAGS:

Access NetworksUbiquiti