> Ubiquiti also hinted it had an idea of who was behind the attack, saying it has “well-developed evidence that the perpetrator is an individual with intricate knowledge of our cloud infrastructure. As we are cooperating with law enforcement in an ongoing investigation, we cannot comment further.”<p>I personally don't believe this. IMO, this is a company who is looking for a fall guy, and _most likely_ it's going to be somebody who raised a stink about all the security problems during their time there.<p>Form your own opinion, I'm just a guy who worked at Ubiquiti for a year, raising all kinds of hell about the security, architectural, and operational problems that I saw while I was there.<p>But what do I know...
Mentioned it before, but since a few days ago my unifi devices (2 wifi APs, a small switch, plus one Debian VM with the controller, all on its own VLAN) are not allowed to do outbound traffic anymore, with the exception of NTP, DNS and one trusted apt mirror.<p>Looking at the firewall logs it seems the devices try to ping (ICMP type 8) a bunch of AWS IPs every few hours. The controller tries to connect 80/443 on different AWS IPs a lot more often, even without me navigating the web interface. Other than that, no ill effects. Device firmware update notifications are gone, just says "up to date" now.<p>Interestingly, I still see the ad for their "dream machine" on the dashboard, as it seems to be baked into the controller. It's also trying to load external resources from "net-fe-static-assets.network-controller.svc.ui.com" while navigating the new web interface. The "classic" interface still seems to be truly self-contained. Using the latest controller version as of today (6.1.71-15061-1).<p>Condensed firewall logs for reference below. Not that it matters much, but why not.<p>Unifi controller VM:<p><pre><code> zgrep unifidrop /var/log/syslog\* | grep "SRC=$unificontroller" | awk '{print $12, $21}' | sort | uniq -c | sort -h
5 DST=13.224.246.17 DPT=443
5 DST=143.204.174.59 DPT=443
5 DST=143.204.174.83 DPT=443
5 DST=34.210.116.187 DPT=80
5 DST=34.211.38.191 DPT=80
5 DST=34.218.198.60 DPT=80
5 DST=99.84.5.14 DPT=80
5 DST=99.84.5.24 DPT=80
5 DST=99.84.5.51 DPT=80
5 DST=99.84.5.82 DPT=80
7 DST=13.224.246.67 DPT=443
7 DST=13.225.74.11 DPT=443
7 DST=13.227.220.19 DPT=443
7 DST=13.227.220.38 DPT=443
15 DST=54.201.165.155 DPT=443
25 DST=44.239.243.150 DPT=443
28 DST=44.238.226.202 DPT=443
28 DST=52.89.51.163 DPT=443
28 DST=54.218.175.125 DPT=443
</code></pre>
Unifi devices (all ICMP 8):<p><pre><code> zgrep unifidrop /var/log/syslog\* | grep -v "SRC=$unificontroller" | awk '{print $12}' | sort | uniq -c | sort -h
2 DST=13.224.230.94
2 DST=143.204.9.24
4 DST=99.84.6.169
6 DST=52.84.94.172
6 DST=54.230.54.165
24 DST=52.222.138.169</code></pre>
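The awk pipeline above picks fields by position, which is why the ICMP summary needs a separate command and a different column: the netfilter LOG format has no DPT field for ICMP, and any extra field shifts the columns. The script below is an added example, not the commenter's own tooling, that parses the key=value fields by name instead and produces the same kind of per-destination breakdown for controller and device traffic, plus a list of destinations not present in an earlier baseline (useful for reviewing what a firmware or controller update started reaching for). The "unifidrop" log prefix is the one the comment greps for; the sample syslog lines, the controller address 192.0.2.10 and the destination addresses are constructed from documentation ranges, not real observations.

```python
import re
from collections import Counter
from typing import Dict, Optional, Tuple

# Constructed sample lines in netfilter LOG format (made up for this example,
# not the commenter's real logs); "unifidrop" is the LOG prefix the comment greps for.
SAMPLE_SYSLOG = """\
Apr  1 03:14:07 fw kernel: [  123.456] unifidrop IN=br10 OUT=eth0 SRC=192.0.2.10 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=1 DF PROTO=TCP SPT=51234 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0
Apr  1 03:14:09 fw kernel: [  125.001] unifidrop IN=br10 OUT=eth0 SRC=192.0.2.10 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=2 DF PROTO=TCP SPT=51235 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0
Apr  1 03:20:11 fw kernel: [  487.220] unifidrop IN=br10 OUT=eth0 SRC=192.0.2.10 DST=203.0.113.9 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=3 DF PROTO=TCP SPT=51300 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0
Apr  1 04:00:00 fw kernel: [ 2876.000] unifidrop IN=br10 OUT=eth0 SRC=192.0.2.21 DST=198.51.100.7 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=4 DF PROTO=ICMP TYPE=8 CODE=0 ID=1234 SEQ=1
Apr  1 04:00:00 fw kernel: [ 2876.010] unifidrop IN=br10 OUT=eth0 SRC=192.0.2.22 DST=198.51.100.7 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=5 DF PROTO=ICMP TYPE=8 CODE=0 ID=1235 SEQ=1
Apr  1 04:00:05 fw kernel: [ 2881.000] unifidrop IN=br10 OUT=eth0 SRC=192.0.2.21 DST=198.51.100.9 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=6 DF PROTO=ICMP TYPE=8 CODE=0 ID=1236 SEQ=1
Apr  1 04:00:06 fw kernel: [ 2882.000] unifiaccept IN=br10 OUT=eth0 SRC=192.0.2.21 DST=192.0.2.1 PROTO=UDP SPT=123 DPT=123 LEN=56
"""

LOG_PREFIX = "unifidrop"          # prefix configured on the firewall's LOG rule (assumed name)
KV_RE = re.compile(r"(\w+)=(\S*)")  # netfilter LOG fields are KEY=VALUE tokens


def parse_drop(line: str, prefix: str = LOG_PREFIX) -> Optional[Dict[str, str]]:
    """Return the key=value fields of a LOG line carrying `prefix`, or None otherwise."""
    marker = f" {prefix} "
    idx = line.find(marker)
    if idx == -1:
        return None
    # Bare flags such as DF or SYN carry no '=' and are skipped. ICMP lines repeat
    # the ID key (IP header id, then echo id); the later one wins and is unused here.
    return dict(KV_RE.findall(line[idx + len(marker):]))


def drop_key(fields: Dict[str, str]) -> Tuple[str, str, str]:
    """Grouping key by name, so ICMP and TCP/UDP lines summarise in one pass."""
    proto = fields.get("PROTO", "?")
    if proto == "ICMP":
        target = f"type={fields.get('TYPE', '?')}"
    else:
        target = f"dpt={fields.get('DPT', '?')}"
    return (fields.get("DST", "?"), proto, target)


def summarize(syslog_text: str, controller_ip: str) -> Dict[str, Counter]:
    """Count dropped egress per destination, split into controller vs. device sources."""
    buckets: Dict[str, Counter] = {"controller": Counter(), "devices": Counter()}
    for line in syslog_text.splitlines():
        fields = parse_drop(line)
        if fields is None:
            continue
        bucket = "controller" if fields.get("SRC") == controller_ip else "devices"
        buckets[bucket][drop_key(fields)] += 1
    return buckets


def new_destinations(summary: Dict[str, Counter], known: set) -> list:
    """Destinations absent from a previous baseline: the ones worth a look after an update."""
    return sorted({dst for bucket in summary.values() for (dst, _, _) in bucket if dst not in known})


if __name__ == "__main__":
    result = summarize(SAMPLE_SYSLOG, "192.0.2.10")
    for name, counter in result.items():
        print(name)
        for (dst, proto, target), n in sorted(counter.items(), key=lambda kv: kv[1]):
            print(f"  {n:4d} DST={dst} {proto} {target}")
    print("not in baseline:", new_destinations(result, {"203.0.113.5"}))
```

Feed it the output of the same `zgrep unifidrop /var/log/syslog*` the comment uses (read from stdin or a file) and keep the previous run's destination set as the baseline; a destination that only appears after a controller or firmware upgrade is the one to investigate rather than silently add to an allow list.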
You get great insight into the character of the leaders of a company watching how breaches are handled. Companies that put the customer first are transparent, and quickly take action (even if painful to customers) to ensure that customers’ data and systems stay intact and confidential. Companies that try to gloss over, hide or downplay things indicate that the leadership does not respect their customers and is only interested in maximizing profit/minimizing loss.
It's disappointing to see a breach like this and even more disappointing to see what (at least on the surface) appears to be a lackadaisical response.<p>As someone who runs a UniFi network in my home with just 4 pieces of hardware (gateway, wired switch, and 2 PoE WAPs) I'm really curious if there are solid alternatives for a managed home network. UniFi really hit a sweet spot of price/performance that made it a somewhat pricey, but not totally unreasonable, option for the home.<p>Any suggestions from the HN crowd?
So this week, I have gone from having a single little USG and a massive order planned for loads of kit to stopping them automatically updating the firmware and dropping that order. Extremely annoying, but not as annoying as if this had happened in a couple of weeks.
I’m still on board with Ubiquiti, tons of equipment and it wouldn’t make sense to switch everything over for small operations. But this is extremely disappointing, they’re definitely moving in a little bit of a different direction than where many of us would hope.<p>More shiny products that increase the bottom line are great, but many IT officials rely on UniFi as well; I wonder how they’re responding to enterprise customers.<p>I just hope this incident will at least get them to put some emphasis on security again as well.
Can companies be held responsible for damages from data breaches?<p>If they could, it seems like it would incentivize more caution about what data is collected, and more investment in the security of that data.<p>I also imagine an insurance industry, where the insurers then have expectations about what kinds of security must be in place to get reasonable premiums.
Hang on a minute there<p>> Ubiquiti’s IoT gear includes things like WiFi routers<p>I understood IoT to mean wifi toasters, TVs and other home appliances. Since when was a <i>router</i> an IoT device? Are we going to call all network devices IoT now? This strikes me as taking rather too much journalistic license.<p>In fact wtf is a <i>WiFi Router</i>. I use Unifi to deploy Wireless Access Points on a LAN with centralized control. It is possible to do this without them having internet access at all, but it makes it rather harder to update everything. This is miles away from IoT.<p>Describing Ubiquiti as an IoT company is like calling Cisco, Juniper, Mikrotik and Aruba IoT companies. This sounds like an attempt to feed the narrative that the IoT is going to eat us alive.<p>Let us focus instead on what Ubiquiti actually did wrong, isn't that bad enough?
Ubiquiti has lost my business. And with the recent issues with Netgate/PfSense [1], it looks like OpnSense is the way to go.<p>[1]: <a href="https://arstechnica.com/gadgets/2021/03/buffer-overruns-license-violations-and-bad-code-freebsd-13s-close-call/" rel="nofollow">https://arstechnica.com/gadgets/2021/03/buffer-overruns-lice...</a>
Ubiquiti should <i>really</i> stop making cloud logins mandatory. The latest stuff (UDM/UDM Pro, Cloud Key G2) must be connected to their cloud at installation time. Remote access can be turned off but an admin account connected to their cloud remains.<p>Without those ties to their infrastructure, this breach would not be as severe. It would just cause an attacker to see what I've bought from them, nothing else.<p>I'm glad I can still use the unifi controller in docker without any ties to UI.com; however, their later stuff like Unifi protect, access, talk etc no longer works with that.
What I’m curious about is, if I run my own controller on my own hardware, do I need to be concerned about this? I could understand supply chain concerns... I’ve held off updating anything while this plays out. But all these “breach! breach!” stories fail to spell out who is affected and what they need to do.
What no one seems to be really discussing is how paranoid should people be around this breach?<p>Is it a case of you probably want to rebuild machines that have default usernames/passwords? Or is it more whatever can be seen in the Ubiquiti UI might have been accessed by third parties?
Has anyone looked at Ubiquiti's firmware signing? Would it be possible to patch it to retain the drivers and kernel but replace the configuration layers? Being able to homebrew some config would make the equipment more valuable to us I think.
I can believe that they do not keep logs of the database access. As brain dead as it sounds.<p>I have been in the position of implementing a client on an API I do not control. The owners of the servers (colleagues but in a different country) do not seem to know what logs are.<p>We get random failures from the server. I can pin down to the second when they occur (not closer because of network lag). I suspect that the server is failing under load, but the way I would find out is to... Read the logs.<p>My foreign colleagues do not respond to me, ghost me entirely, when I ask them to inspect the logs.<p>Perhaps it is a Windows/Azure thing?
After seeing that they did not capture the logs. What is the “proper” way of storing said logs? I guess you need a remote logserver like logstash to store them. But what service does actually send the logs from the server to a central storage.<p>Looking into Loki, Graphite, etc. But I’m a bit at a loss where to begin.
"The Cloud" absolutely can NOT be trusted with anything serious. I'm still amazed serious people actually think it's a smart or wise idea. It's become a "Go to the fridge and get the box" type of mindless laziness by far too many marketers and developers.
Anyone know if Apple will be putting out a wifi mesh system, maybe integrated into Homepod Minis? Apple already 'owns' me, I might as well have them run my Wifi too and ditch my unifi gear.<p>At least Apple seems to care about privacy and security, even if it is a self-serving marketing scheme.
So ubiquiti can't be trusted. What are the suggestions for running a series of home and small office networks in rented buildings (no cabling?). A UDM + nano ap / flex HD as wireless bridges & mesh wifi gave VLANs, performance monitoring, and an ease of use that let even a junior UI dev implement and use it easily and correctly while complying with all lease req's.<p>With the world of work at home exploding there seems to be a big missing link here.<p>I'm sitting with a big list of q's that I'm not sure I have a decent amount of time to answer. Does switching to pfsense/openwrt/something open source work with mesh? With ease of set up? Do enterprise brands offer anything worthwhile here? Do I have to regress to letting machines connect to unsecured networks?
Off topic but is there a good guide to middle level home network setup - something like using OpenWRT on (Rpis?) and turning that into a router and couple of access points.<p>I was going to press buy on the setup for some ubiquiti products till a couple of days ago :-(
I keep one 6p behind the ISP router to manage the home network; they have good hardware but I didn't like the idea of exposing it to the cloud, so I only allowed local DNS and NTP. And I removed all port listeners from ubi in sbin, then touched a new file with the same name. The latest firmware complained a lot but worked at some point. I am not sure I am fully secure, but quite happy with the performance.
I would love to see a competitor spring up targeting the same enthusiast/prosumer segment. It seems like there are quite a few ex-employees with knowledge of how to build it.
Long-time Ubiquiti fan here<p>Their lack of Wifi 6 across the range, and the security problems drive me to look at alternatives. Found the Netgear WAX610. Very happy with them.
Am I the only one annoyed with the expression "all but"? To me it sounds like the complete opposite. "All but confirms" to me sounds like they're "doing everything else than confirming" / "all other things except confirming".
I find it really strange that so many claim that they need Ubiquiti and that there is "sadly" no other good alternative. What are people doing with their home networks? What are they comparing it with? Has anyone actually tried some of the mesh networks from TP-Link or other brands? I have one at home and honestly I don't even know what the admin management looks like because I never have to go there and do something. What are people doing? Is it that I am so ignorant to some needs which people have that they constantly need to tweak their networks at home, or is it just a symptom of Ubiquiti kit that requires users to constantly do something with it, so that now they think they need all that fancy management stuff because they got used to doing so much maintenance work on something that should just work without ever having to touch it again?
On this subject, does anyone know what is up with the reddit sub, r/ubiquiti? Seems to be run by u/briellie. She(?) seems like a really toxic person with some kind of business relationship with Ubiquiti like a reseller or something.<p>The Reddit sub seems like they are actively trying to suppress discussion of this issue. There's some allegations of censorship on the sub, but I'm not seeing it... which might actually just be confirmation that they are censoring. I don't know.