Ubiquiti Security Breach — CyberHoot

Ubiquiti, a large vendor of cloud-enabled Internet of Things (IoT) devices such as Wi-Fi access points, video recorders, and security cameras, recently faced a security incident. Ubiquiti stated that an incident at a third-party cloud provider potentially exposed customer information, including the user credentials used to remotely manage Ubiquiti devices. The company sent an email urging customers to change their passwords and enable multi-factor authentication as soon as possible. Multiple customers asked CyberHoot whether this was a phishing email (it was urgent, had links, and was unexpected). After some quick research and a visit to the Krebs on Security blog, we determined it was legitimate and urged our clients to take action.

Ubiquiti Response

Ubiquiti’s email, sent to customers on January 11th, 2021, explained that “unauthorized access to information technology systems hosted by a third party cloud provider” had put credentials at risk and urged all clients to take action as described in the email.

The announcement sent by Ubiquiti may look like a phishing email because it addresses the user as ‘customer’ and urges action, but it has been verified as authentic on the company’s website. This warning is notable because Ubiquiti has made it hard for users with the latest Ubiquiti firmware to communicate with their devices without first authenticating through the company’s cloud-based systems. This has become a pain point for many customers, as evidenced by numerous threads on the topic in the company’s user support forums over the past few months:

“While I and others do appreciate the convenience and option of using hosted accounts, this incident clearly highlights the problem with relying on your infrastructure for authenticating access to our devices. A lot of us cannot take your process for granted and need to keep our devices offline during setup and make direct connections by IP/Hostname using our Mobile Apps.”

Improving Security

With the security incident at Ubiquiti putting users’ information at risk, users with a Ubiquiti cloud account should update their security settings ASAP. To manage your security settings, visit https://account.ui.com and log in. Click on ‘Security’ in the left-hand menu, then perform the following tasks:

  1. Change your password (unique, 14+ characters, stored in a password manager)
  2. Set a session timeout value
  3. Enable 2FA (most important step)


Log into your Ubiquiti cloud account and update your security settings with a new unique 14+ character password (stored in your password manager) and enable 2FA today!

Source: KrebsOnSecurity

Additional Reading: Ubiquiti Tells Customers To Change Passwords After Security Breach

A writer for CyberHoot, a cybersecurity company that helps society become more aware and more secure: https://cyberhoot.com/
