20,000+ Ubiquiti Devices Exposed: Amplification Attacks & Data Leaks
A new report from Check Point Research (CPR) reveals that over 20,000 Ubiquiti devices, including the popular G4 Instant Camera and other models, remain susceptible to cyberattacks. The vulnerabilities, stemming from exposed UDP ports and a lack of authentication, not only expose these devices to amplification attacks but also leak sensitive user data, posing significant privacy risks.
CPR’s analysis of Ubiquiti’s network protocols found that two custom privileged processes, listening on ports 10001 and 7004, were operating without any authentication. These processes, designed for device discovery, return detailed information in response to ‘ping’ packets, including platform names, software versions, configured IP addresses, and even owner names and locations.
The exposed data includes detailed device information and, in some cases, owner information, which can be used for targeted social engineering attacks. Examples of exposed data include:
- Device Identification: Types like NanoStation Loco M2 or AirGrid M5 HP.
- Owner Information: Full names, company names, and addresses.
Some devices even displayed warnings such as “HACKED-ROUTER-HELP-SOS-DEFAULT-PASSWORD,” indicating prior compromises and highlighting the critical nature of these vulnerabilities.
The implications of this data exposure are far-reaching. Malicious actors could exploit this information to launch targeted attacks, amplify denial-of-service (DoS) attacks, or engage in social engineering schemes. Moreover, the exposed data could be leveraged for identity theft, stalking, or other malicious activities.
This is not the first time Ubiquiti has faced scrutiny over its security practices. In 2019, a similar vulnerability was discovered and reportedly patched. However, the fact that over 20,000 devices remain vulnerable five years later raises serious concerns about the company’s ability to effectively address security issues and the broader challenges of securing the ever-growing landscape of IoT devices.
For Ubiquiti users, the message is clear: update your firmware immediately. While the company claims to have addressed the issue, the prevalence of vulnerable devices suggests that many users have not yet applied the patch. Beyond updates, users should also prioritize robust network security practices, such as firewalls, strong passwords, and network segmentation, to minimize the risk of unauthorized access.
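To check whether the firewall and segmentation advice above is holding, the following added example (not code from CPR or Ubiquiti) audits flow records for discovery traffic on UDP 10001 and 7004 that crosses the network perimeter and reports which devices answered. The flow-record format, the internal address range, and the sample records with their byte counts are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

DISCOVERY_PORTS = {10001, 7004}  # UDP ports named in the article
INTERNAL_NETS = [ipaddress.ip_network("192.168.0.0/16")]  # assumption: your LAN range

# Constructed sample records, not real traffic.
# Assumed format: src_ip src_port dst_ip dst_port proto bytes
SAMPLE_FLOWS = """\
203.0.113.7 40000 192.168.1.20 10001 udp 4
192.168.1.20 10001 203.0.113.7 40000 udp 152
192.168.1.31 51000 192.168.1.20 10001 udp 4
192.168.1.20 10001 192.168.1.31 51000 udp 152
198.51.100.9 41000 192.168.1.40 7004 udp 8
192.168.1.50 53000 203.0.113.7 443 tcp 900
"""

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def audit_discovery_exposure(flow_text):
    """Return {(device_ip, port): stats} for discovery traffic crossing the perimeter."""
    stats = defaultdict(lambda: {"bytes_in": 0, "bytes_out": 0})
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 6 or fields[4].lower() != "udp":
            continue  # skip malformed lines and non-UDP flows
        src, sport, dst, dport, _, size = fields
        sport, dport, size = int(sport), int(dport), int(size)
        # Request from outside to an internal device's discovery port.
        if dport in DISCOVERY_PORTS and is_internal(dst) and not is_internal(src):
            stats[(dst, dport)]["bytes_in"] += size
        # Reply from an internal discovery port to an outside address.
        elif sport in DISCOVERY_PORTS and is_internal(src) and not is_internal(dst):
            stats[(src, sport)]["bytes_out"] += size
    report = {}
    for key, s in stats.items():
        # Amplification factor: bytes sent out per byte received from outside.
        factor = s["bytes_out"] / s["bytes_in"] if s["bytes_in"] else None
        report[key] = {**s, "answered": s["bytes_out"] > 0, "amplification": factor}
    return report

if __name__ == "__main__":
    for (ip, port), r in sorted(audit_discovery_exposure(SAMPLE_FLOWS).items()):
        verdict = "EXPOSED, replies leave the network" if r["answered"] else "probed, no reply seen"
        print(f"{ip} udp/{port}: {verdict} "
              f"(in={r['bytes_in']}B out={r['bytes_out']}B factor={r['amplification']})")
```

A device reported as answered is reachable from outside and should be patched and placed behind a rule that drops inbound UDP to these ports; LAN-only discovery traffic is deliberately ignored.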