Users are being warned by researchers about a five-year-old vulnerability on the open Internet PE that affects tens of thousands of small office/home office (SOHO) devices sold by Ubiquiti Inc.
Researchers are alerting users to the fact that tens of thousands of Ubiquiti Inc.-sold small office/home office (SOHO) devices are susceptible to a five-year-old issue on the open Internet. Expert in broadband Internet Jim Troutman issued a warning in January 2019 about denial-of-service (DoS) attacks that were taking advantage of an open port on numerous Ubiquiti Internet of Things (IoT) devices. The CVSS scale gave the underlying vulnerability, CVE-2017-0938, a “high” 7.5 score. Researchers from Rapid7 were still able to identify about 500,000 susceptible devices seven months later. Furthermore, Check Point Research reported that approximately 20,000 devices are still vulnerable, despite Ubiquiti having long since acknowledged and fixed the problem.
Check Point Software’s vulnerability research team chief, Radoslaw Madej, states, “We can see that some of them were compromised.” Furthermore, I have only performed very basic fingerprinting on the devices. There could be a greater number of them that are also at risk. In addition, Check Point cautioned that infected devices may leak potentially sensitive data in addition to being deployed in a SOHO botnet for the purpose of amplifying DoS attacks.
When Check Point probed Ubiquiti devices such as the G4 Instant Camera, an Internet-capable camera with two-way audio, it focused on port 10001, the location of the exposed process that was initially discovered five years prior. The relevant service is the discovery protocol from Ubiquiti, which facilitates communication between the device and its CloudKey+ controller. The Check Point researchers found that no authentication was needed when talking with the CloudKey+ or any of its linked devices using spoof packets. In addition, the messages they got back in response to their pings contained detailed information on the devices as well as the identities and locations of their owners.
Knowing the exact software version, the person’s name, the kind of router they have, and their business address would make it simple for me to launch an assault against this entity. Finding their contact information would allow me to give them a call and introduce myself as the Internet provider. I have some maintenance to undertake. Give me access to the administrative panel. Since I can provide them with all the information they require, I can authenticate my identity for them.” The Problem with the Internet of Things Patched Ubiquiti equipment is protected from Internet-based assaults by only responding to ping requests from internal IP addresses rather than those originating from the general Web.
Tens of thousands of impacted items in the field are still unpatched, even though a straightforward remedy is readily available. IoT security in general appears to be more relevant in this situation than Ubiquiti specifically. “We got used to patching our Windows machines and MacBooks and mobile phones and whatnot, but we’re still not really used to the fact that we should also take care of our IoT devices, be it Wi-Fi routers, cameras, vacuum cleaners, fridges, and washing machines,” adds Madej. “Of course,” he continues, “the question is: How much should an end user even care about it? These days, automatic updates ought to be enabled by default on all devices. That is not anything that should worry me.
“We got used to patching our Windows machines and MacBooks and mobile phones and whatnot, but we’re still not really used to the fact that we should also take care of our IoT devices, be it Wi-Fi routers, cameras, vacuum cleaners, fridges, and washing machines,” adds Madej. “Of course,” he continues, “the question is: How much should an end user even care about it? These days, automatic updates ought to be enabled by default on all devices. That shouldn’t be an issue for the final user, in my opinion.”
Also read: Achieving Rapid Outcomes with AI-Driven Cloud Analytics
Do Follow: CIO News LinkedIn Account | CIO News Facebook | CIO News Youtube | CIO News Twitter
About us:
CIO News is the premier platform dedicated to delivering the latest news, updates, and insights from the CIO industry. As a trusted source in the technology and IT sector, we provide a comprehensive resource for executives and professionals seeking to stay informed and ahead of the curve. With a focus on cutting-edge developments and trends, CIO News serves as your go-to destination for staying abreast of the rapidly evolving landscape of technology and IT. Founded in June 2020, CIO News has rapidly evolved with ambitious growth plans to expand globally, targeting markets in the Middle East & Africa, ASEAN, USA, and the UK.
CIO News is a proprietary of Mercadeo Multiventures Pvt Ltd.
