Wednesday , May 12 2021

According to the whistleblower, Ubiquiti was hit by a “catastrophic” incident

Ubiquiti is known for its user-friendly and powerful hardware, such as routers and WLAN access points. But now the insider is making serious accusations. Watson

A well-known network supplier, according to the whistleblower, was hit by a “catastrophic” incident

Network equipment vendor Ubiquiti has apparently been blackmailed and accused of covering up a potentially massive data breach. These are the most important questions and answers.

What happened?

How bad was the incident that American manufacturer Ubiquiti notified its customers by email on January 11, 2021? The Verge summarized the latest worrying findings on Thursday night. Whistleblower Ubiquiti is accused of covering up a “catastrophic” security breach – and after 24 hours of silence, the company has now released a statement that none of the whistleblower’s allegations will dispute.

Why is this important?

Ubiquiti has an excellent reputation, notes The Verge. Routers and other network devices also sold in Switzerland belonged to the prosumer class. The company name has become synonymous with high security standards and user-friendly administration.

The American manufacturer promises “seamless network integration” with its UniFi product range. Screenshot:

Originally, Ubiquiti informed its customers on January 11 about an allegedly smaller security hole in the “third cloud service provider”, but the well-known cybersecurity website KrebsOnSecurity announced on March 30 that the security hole was actually far worse than Ubiquiti wanted to admit.

A company whistleblower who spoke to Brian Krebs claims that Ubiquiti itself was hacked and that the company’s legal department thwarted efforts to fully educate customers about the dangers.

How could this happen?

According to The Verge, it’s worth reading a report by acclaimed IT security expert Krebs to see all the allegations. The bottom line is that hackers had full access to the company’s AWS servers. This is because supposedly ubiquiti The roots of the administrator login to the LastPass account left.

Attackers could use a password manager to access all Ubiquiti network devices that customers have set up to control through the company’s cloud service. And this internet service is obviously needed for some of the new Ubiquiti hardware.

What is Ubiquiti saying?

When Ubiquiti finally made a statement this week, it wasn’t exactly reassuring, comments The Verge – it was “completely inadequate”.

The company reiterated its view that it had no evidence of access to or theft of user data.

As Cancer pointed out the whistleblower explicitly stated that the company does not keep records of who accessed the hacked server and who does not. Ergo: He couldn’t have any evidence.

A statement from Ubiquiti also confirms that the hacker tried to extort money from the company, but does not mention allegations of cover-up.

The following is the original Ubiquiti statement issued by the US company following the cancer detection report:

“As we informed you on January 11, we were the victim of a cyber incident that involved unauthorized access to our information systems. Given Brian Krebs ’reporting, there is a newfound interest and attention on this issue, and we would like to provide our community with more information.

Initially, please note that nothing has changed in relation to our analysis of customer data and the security of our products since our January 11 announcement. In response to this incident, we hired external incident response experts to conduct a thorough investigation to ensure the attacker was locked out of our systems.

These experts found no evidence of access to or even targeting of customer data. The attacker, who unsuccessfully tried to extort the company by threatening to release stolen source code and certain IT credentials, never claimed to have accessed any customer data. This, along with other evidence, is why we believe that customer data was not the target of the incident or was otherwise approached in connection with the incident.

At this point, we have well-developed evidence that the perpetrator is a person who has complex knowledge of our cloud infrastructure. Because we are cooperating with law enforcement in the ongoing investigation, we cannot comment further.

All of the above, as a precaution, we continue to encourage you to change your password if you have not already done so, including any website where you use the same user ID or password. We also encourage you to enable two-factor authentication on your Ubiquiti accounts if you have not already done so. »


watson contacted Ubiquiti for comment on allegations made by The Verge. An answer is awaited.

What can Ubiquiti customers do?

Customers or users of Ubiquiti hardware have already been asked by the company to change the password for network access. They should also activate two-factor authentication to prevent unauthorized third parties from gaining access.

That said, customers can only wait and see if more information about the incident leaks. If criminal attackers resell customer data or publish it on the Internet, it is likely to become known sooner or later.

to inflate


Want to support Watson and journalism? find out more

(You will be redirected to make a payment)


15 CHF

25 CHF


The fiercest computer attacks ever

This bug on the iPhone is ingeniously practical

You may also be interested in:

Subscribe to our notifications

An armed man breaks the barrier of the American Capitol – the attackers and the policeman are dead

Less than three months after a raging mob attacked the U.S. Capitol, another fatal incident occurred in the heavily guarded parliament building. The attacker ran into two police officers in a car and then rammed the road. One of the officers was killed and the other injured, Capitol Police Chief Yogananda Pittman said Friday. The driver came out with a knife, rushed towards the other police officers and did not …

Link to the article

Source link