CyberSecurity SEE

20K Ubiquiti IoT Cameras and Routers Vulnerable to Hackers

Tens of thousands of small office/home office (SOHO) devices produced by Ubiquiti Inc. are currently at risk due to a five-year-old vulnerability that researchers have recently shed light on.

Back in January 2019, broadband Internet expert Jim Troutman raised a red flag about an exposed port on numerous Ubiquiti Internet of Things (IoT) devices that was being exploited in denial-of-service (DoS) attacks. The vulnerability, labeled CVE-2017-0938, was rated 7.5 (high) on the CVSS scale.

Despite Ubiquiti acknowledging and resolving the issue, concerns persist: researchers from Rapid7 found close to 500,000 vulnerable devices seven months later. Fast forward to the present day, and roughly 20,000 devices are still exposed to potential attacks, as highlighted in a recent blog post by Check Point Research.

Radoslaw Madej, the team leader for vulnerability research at Check Point Software, expressed worry over the compromised devices, stating that basic device fingerprinting revealed instances of compromise. The possibility of more compromised devices existing cannot be ruled out.

Moreover, Check Point emphasized that aside from being leveraged in a SOHO botnet for DoS attack amplification, the compromised devices could also leak sensitive data, posing additional privacy risks.

The investigation into Ubiquiti devices like the G4 Instant Camera unearthed an additional exposed process beyond the original one discovered five years ago. The newly found exposed process, operating on port 7004, facilitated communication between devices and the CloudKey+ controller without any authentication required. This flaw allowed researchers to obtain specific device information, as well as details about owners’ names and locations with just one packet.

Madej pointed out the alarming implications of this data leakage, noting that it could potentially aid malicious actors in launching targeted attacks by posing as legitimate service providers based on the sensitive information retrieved.

Although patched Ubiquiti products have safeguards against Internet-based attacks by not responding to pings from external sources, a concerning number of unpatched devices remain vulnerable in the wild. This issue reflects broader challenges in IoT security, where end users often overlook the importance of regularly updating and securing connected devices, ranging from routers to smart home appliances.

In light of these findings, Madej emphasized the need for automatic updates to be enabled by default on all devices to alleviate the burden on end users and enhance overall security in the IoT ecosystem. As cyber threats continue to evolve, proactive measures such as timely patching and regular security updates are crucial to safeguarding against potential risks posed by vulnerable devices.
