ISPs and local networks are crashing lately, thanks to a vulnerability in some Ubiquiti Networks products that opened the door to a malicious worm.
This type of breach can happen to anyone, even the mightiest of military-grade networking systems, which is why the whole network ecosystem must conspire to detect malware and mitigate damages.
As reported earlier, a new category of consumer products has emerged over the past year to protect home and personal networks and the things attached to them.
These products range from “personal cloud” devices the like those from Cujo, Dojo Labs, BitCircle, Daplie, PFP, Luma and Keezel … to IP-discovery platforms from companies like Domotz, ihiji, Krika and newcomer Digital Butler. (“Network Intelligence” begins on page 64 of the Ultimate Guide to Home Automation at CES 2016).
Simple updates to these products and services can be implemented to detect breaches like Ubiquiti's. In this particular case, the malware can be confirmed by entering the user name “mother” and password “f****r” without the asterisks. Successful authentication means the damage has been done, and a re-flash is necessary.
Krika, whose Internet appliance incorporates a unique set of IP-sniffing tools for device discovery and home automation, has updated its boxes with code to detect corrupted Ubiquiti devices.
Krika CTO and founder Bruno Napoli says his company can deploy these quick fixes “on the fly within minutes in all our Krika devices.”
There is a script in each Krika box that performs a series of network tasks, for example, checking if devices are present on the network, and then pinging them with specific queries depending on the manufacturer and model to gather additional data.
“We know how to query devices with almost every protocol, including SSH, HTTP, Telnet, UPNP…,” Napoli explains, “so we updated our script to try to log into SSH with “mother + f****r” credentials when we detect any Ubiquiti device.”
If Krika receives an authorization to login, then it alerts the user of a breach.
Napoli tells CE Pro that none of Krika's customers has been affected by the Ubiquiti bug.
- Always patch your gear.
- Balance security with remote access to your hardware by preferably using VPN tunnels instead of port forwarding.
- Choose hardware vendors and networking partners that you can rely on quick and consistent support.
- Work with vendors that allow mass firmware updates so that if something bad does happen, you have a simple way to bring your clients up to current standards.
- Always patch your gear.