20,000+ Ubiquiti Devices Exposed: Personal Data at Risk Due to Critical Flaw
Check Point Research specialists have identified a vulnerability affecting over 20,000 Ubiquiti devices connected to the internet. This flaw grants malicious actors access to the personal data of device owners.
At risk are the popular Ubiquiti G4 Instant Wi-Fi cameras and Cloud Key+ devices. The root of the issue lies in two privileged processes accessible via the network interface: they listen on the unprotected ports 10001 and 7004, both of which use the User Datagram Protocol (UDP).
The problem’s scale is so vast that some compromised devices already display alarming messages such as “HACKED-ROUTER-HELP-SOS-DEFAULT-PASSWORD.”
The investigation revealed that vulnerable devices expose various types of information, from platform names and software versions to configured IP addresses. This data is valuable to malicious actors planning, for instance, social engineering attacks.
Notably, the discovered vulnerability is not new. As far back as 2019, it was exploited for denial-of-service (DoS) attacks on Ubiquiti devices. At that time, Rapid7 specialists identified nearly half a million vulnerable devices. Despite patches released since then, the problem has not been completely resolved.
Check Point Research experts experimented by sending spoofed packets to detect devices in their test network. Both the G4 camera and the CK+ device responded to these packets, confirming the researchers’ concerns. A random check indicated that over 20,000 devices on the internet, likely not updated, also responded to the spoofed requests.
Decoding the hostnames revealed detailed information about the devices, including owners’ names and locations. Other vulnerable models included the NanoStation Loco M2 and AirGrid M5 HP. The information obtained about the owners included full names, company names, and addresses.
Although Ubiquiti previously released a patch to address the vulnerability and stated that devices with the latest firmware respond only to internal IP addresses, Check Point specialists note that even simple mistakes can remain serious attack vectors for years.
Fixes for IoT devices are distributed slowly, and some users never update their systems. Therefore, it is crucial to design IoT devices with security principles in mind and integrate mechanisms to protect against exploits and malware from the earliest stages.
Device owners are advised to check if their cameras and other gadgets have the latest firmware installed.
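Beyond checking firmware versions, an owner can look for the exposure in traffic logs. The script below is an added example, not code from Check Point or Ubiquiti: it flags internal devices that were reached on UDP 10001 or 7004 from an external address, and those that replied to one. The log format, the sample records and the choice of RFC 1918 ranges as "internal" are assumptions, and the records are assumed to be captured on the LAN side, after any port forwarding.

```python
import ipaddress
import re
from collections import defaultdict

# UDP ports named in the article.
EXPOSED_UDP_PORTS = {10001, 7004}
# Assumption: "internal" means RFC 1918 space; adjust to your own ranges.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Constructed log format: "<time> <proto> <src>:<sport> -> <dst>:<dport>"
LINE_RE = re.compile(r"^(\S+) (\w+) ([\d.]+):(\d+) -> ([\d.]+):(\d+)$")

def is_internal(ip):
    return any(ip in net for net in INTERNAL_NETS)

def find_exposed_devices(lines):
    """Map device IP -> counts of external probes seen and replies sent."""
    hits = defaultdict(lambda: {"probed": 0, "answered": 0})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m[2].upper() != "UDP":
            continue
        try:
            src, dst = ipaddress.ip_address(m[3]), ipaddress.ip_address(m[5])
        except ValueError:
            continue  # malformed address, skip the record
        sport, dport = int(m[4]), int(m[6])
        # External host reached a service port on an internal device.
        if dport in EXPOSED_UDP_PORTS and is_internal(dst) and not is_internal(src):
            hits[str(dst)]["probed"] += 1
        # Internal device replied from a service port to an external host;
        # the article says patched firmware answers internal addresses only.
        elif sport in EXPOSED_UDP_PORTS and is_internal(src) and not is_internal(dst):
            hits[str(src)]["answered"] += 1
    return dict(hits)

# Constructed sample records (RFC 1918 and documentation addresses).
SAMPLE = """\
2024-01-01T10:00:00Z UDP 203.0.113.9:40000 -> 192.168.1.20:10001
2024-01-01T10:00:00Z UDP 192.168.1.20:10001 -> 203.0.113.9:40000
2024-01-01T10:00:05Z UDP 192.168.1.50:51000 -> 192.168.1.20:10001
2024-01-01T10:00:09Z UDP 198.51.100.7:40001 -> 192.168.1.30:7004
2024-01-01T10:00:12Z TCP 203.0.113.9:40002 -> 192.168.1.20:10001
""".splitlines()

if __name__ == "__main__":
    for device, counts in find_exposed_devices(SAMPLE).items():
        verdict = "replied to external host" if counts["answered"] else "probed only"
        print(device, counts, verdict)
```

A device with a non-zero "answered" count is the one to update or firewall first, since it is responding to addresses outside the local network.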