How Krika IP-Discovery Platform Detects Ubiquiti Networks Worm

Malware propagated through vulnerable Ubiquiti networking gear can be detected by inexpensive IP device-discovery services like Krika.


ISPs and local networks are crashing lately, thanks to a vulnerability in some Ubiquiti Networks products that opened the door to a malicious worm.

This type of breach can happen to anyone, even the mightiest of military-grade networking systems, which is why the whole network ecosystem must conspire to detect malware and mitigate damages.

As reported earlier, a new category of consumer products has emerged over the past year to protect home and personal networks and the things attached to them.

These products range from “personal cloud” devices the like those from Cujo, Dojo LabsBitCircleDapliePFPLuma and Keezel … to IP-discovery platforms from companies like Domotz, ihiji, Krika and newcomer Digital Butler. (“Network Intelligence” begins on page 64 of the Ultimate Guide to Home Automation at CES 2016).

Simple updates to these products and services can be implemented to detect breaches like Ubiquiti's. In this particular case, the malware can be confirmed by entering the user name “mother” and password “f****r” without the asterisks. Successful authentication means the damage has been done, and a re-flash is necessary.

Krika, whose Internet appliance incorporates a unique set of IP-sniffing tools for device discovery and home automation, has updated its boxes with code to detect corrupted Ubiquiti devices.

Krika CTO and founder Bruno Napoli says his company can deploy these quick fixes “on the fly within minutes in all our Krika devices.”

There is a script in each Krika box that performs a series of network tasks, for example, checking if devices are present on the network, and then pinging them with specific queries depending on the manufacturer and model to gather additional data.

“We know how to query devices with almost every protocol, including SSH, HTTP, Telnet, UPNP…,” Napoli explains, “so we updated our script to try to log into SSH with “mother + f****r” credentials when we detect any Ubiquiti device.”

If Krika receives an authorization to login, then it alerts the user of a breach.

Napoli tells CE Pro that none of Krika's customers has been affected by the Ubiquiti bug.

To reiterate the wise words of Hagai Feiner, principal of the integrator-centric networking firm Access Networks:

  1. Always patch your gear. 
  2. Balance security with remote access to your hardware by preferably using VPN tunnels instead of port forwarding.
  3. Choose hardware vendors and networking partners that you can rely on quick and consistent support.
  4. Work with vendors that allow mass firmware updates so that if something bad does happen, you have a simple way to bring your clients up to current standards.
  5. Always patch your gear.

About the Author

Julie Jacobson
Julie Jacobson:

Julie Jacobson is founding editor of CE Pro, the leading media brand for the home-technology channel. She has covered the smart-home industry since 1994, long before there was much of an Internet, let alone an Internet of things. Currently she studies, speaks, writes and rabble-rouses in the areas of home automation, security, networked A/V, wellness-related technology, biophilic design, and the business of home technology. Julie majored in Economics at the University of Michigan, spent a year abroad at Cambridge University, and earned an MBA from the University of Texas at Austin. She is a recipient of the annual CTA TechHome Leadership Award, and a CEDIA Fellows honoree. A washed-up Ultimate Frisbee player, Julie currently resides in San Antonio, Texas and sometimes St. Paul, Minn. Follow on Twitter: @juliejacobson