Over 20,000 Ubiquiti Devices at Risk: Amplification Attacks and Data Leaks Explained

Threat Actor: Malicious actors
Victim: Ubiquiti
Price: N/A
Exfiltrated Data Type: Device information and owner details

Key Points:

  • Over 20,000 Ubiquiti devices, including G4 Instant Cameras, are vulnerable to cyberattacks.
  • Vulnerabilities arise from exposed UDP ports and lack of authentication.
  • Exposed data includes device identification and sensitive owner information.
  • Malicious actors could exploit this data for targeted attacks and social engineering schemes.
  • Ubiquiti has faced similar security issues in the past, raising concerns about its security practices.
  • Users are advised to update firmware and implement strong network security measures.

A new report from Check Point Research (CPR) reveals that over 20,000 Ubiquiti devices, including the popular G4 Instant Camera and other models, remain susceptible to cyberattacks. The vulnerabilities, stemming from exposed UDP ports and a lack of authentication, not only expose these devices to amplification attacks but also leak sensitive user data, posing significant privacy risks.

CPR’s analysis of Ubiquiti’s network protocols found that two custom privileged processes on ports 10001 and 7004 were operating without any authentication. These processes, designed for device discovery, inadvertently disclose detailed information in response to ‘ping’ packets, including platform names, software versions, configured IP addresses, and even owner names and locations.

The exposed data includes detailed device information and, in some cases, owner information, which can be used for targeted social engineering attacks. Examples of exposed data include:

  • Device Identification: Types like NanoStation Loco M2 or AirGrid M5 HP.
  • Owner Information: Full names, company names, and addresses.

Some devices even displayed warnings such as “HACKED-ROUTER-HELP-SOS-DEFAULT-PASSWORD,” indicating prior compromises and highlighting the critical nature of these vulnerabilities.

The implications of this data exposure are far-reaching. Malicious actors could exploit this information to launch targeted attacks, amplify denial-of-service (DoS) attacks, or engage in social engineering schemes. Moreover, the exposed data could be leveraged for identity theft, stalking, or other malicious activities.

This is not the first time Ubiquiti has faced scrutiny over its security practices. In 2019, a similar vulnerability was discovered and reportedly patched. However, the fact that over 20,000 devices remain vulnerable five years later raises serious concerns about the company’s ability to effectively address security issues and the broader challenges of securing the ever-growing landscape of IoT devices.

For Ubiquiti users, the message is clear: update your firmware immediately. While the company claims to have addressed the issue, the prevalence of vulnerable devices suggests that many users have not yet applied the patch. Beyond updates, users should also prioritize robust network security practices, such as firewalls, strong passwords, and network segmentation, to minimize the risk of unauthorized access.
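
To check whether any of your own devices are answering outside hosts on the two discovery ports, you can review flow logs from your network edge. The script below is an added example, not code from CPR or Ubiquiti; the CSV column layout, the site network 192.168.1.0/24, and every sample record are assumptions constructed for illustration.

```python
import csv
import io
import ipaddress
from collections import defaultdict

DISCOVERY_PORTS = {10001, 7004}  # the two ports named in the article

# Constructed sample flow records (not real traffic). The column layout
# src,sport,dst,dport,proto,bytes is an assumption of this example.
SAMPLE_FLOWS = """\
203.0.113.7,40000,192.168.1.20,10001,udp,56
192.168.1.20,10001,203.0.113.7,40000,udp,1960
198.51.100.9,51000,192.168.1.20,10001,udp,56
192.168.1.20,10001,198.51.100.9,51000,udp,1960
203.0.113.7,40001,192.168.1.30,7004,udp,60
192.168.1.20,10001,192.168.1.10,33000,udp,1960
203.0.113.7,443,192.168.1.40,52000,tcp,1500
"""

def exposed_responders(flow_csv, internal_cidr="192.168.1.0/24"):
    """Return internal hosts that replied to external peers from a discovery port."""
    internal = ipaddress.ip_network(internal_cidr)
    stats = defaultdict(lambda: {"req": 0, "resp": 0, "peers": set()})
    fields = ["src", "sport", "dst", "dport", "proto", "bytes"]
    for row in csv.DictReader(io.StringIO(flow_csv), fieldnames=fields):
        if row["proto"].lower() != "udp":
            continue
        src = ipaddress.ip_address(row["src"])
        dst = ipaddress.ip_address(row["dst"])
        sport, dport, size = int(row["sport"]), int(row["dport"]), int(row["bytes"])
        if src not in internal and dst in internal and dport in DISCOVERY_PORTS:
            entry = stats[(str(dst), dport)]      # external request reached the device
            entry["req"] += size
            entry["peers"].add(str(src))
        elif src in internal and dst not in internal and sport in DISCOVERY_PORTS:
            stats[(str(src), sport)]["resp"] += size  # device answered an outside host
    findings = []
    for (host, port), s in sorted(stats.items()):
        if s["resp"] == 0:
            continue  # probed but silent: filtered at the edge or not answering
        ratio = round(s["resp"] / s["req"], 1) if s["req"] else None
        findings.append({"host": host, "port": port, "external_peers": len(s["peers"]),
                         "bytes_in": s["req"], "bytes_out": s["resp"],
                         "amplification": ratio})
    return findings

if __name__ == "__main__":
    for finding in exposed_responders(SAMPLE_FLOWS):
        print(finding)
```

Any host this reports is reachable from outside on a discovery port and should be placed behind a firewall rule and updated; LAN-only discovery traffic is deliberately ignored.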

Original Source: https://securityonline.info/20000-ubiquiti-devices-exposed-amplification-attacks-data-leaks/