Ubiquiti Based Wireless Broadband Networks Being Hit by Malware

Friday, May 20th, 2016 (3:01 pm)

Ubiquiti Networks has confirmed that some of their kit, which is used by wireless ISPs around the world (e.g. Vispa in the UK), is being attacked by a nasty piece of self-replicating malware that infects their Linux-based AirOS firmware (used on their routers, access points and other kit).

The malware exploits a vulnerability that allows hackers to gain access to the kit over the web without authenticating. Funnily enough the hole was plugged almost a year ago, but apparently not everybody was made aware and some network operators have since been caught napping.

Ubiquiti Networks Update

There have been several reports of infected airOS M devices over the last week. From the samples we have seen, there are 2 different payloads that use the same exploit. We have confirmed these variations are using a known exploit that was reported and fixed last year.

This is an HTTP/HTTPS exploit that doesn’t require authentication. Simply having a radio on outdated firmware and having its http/https interface exposed to the Internet is enough to get infected. We are also recommending restricting all access to management interfaces via firewall filtering.

Luckily the worm in question doesn’t seem to do much except for screwing with the device’s configuration a little and then self-replicating across the network, but it could so easily have been much worse. So if you’re an ISP and using any Ubiquiti-based kit then now might be a good time to check that you’re running the most secure firmware.
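For operators who want to run that check across a whole network, the sketch below is an added example (not code from Ubiquiti or ISPreview) that flags radios meeting the two conditions in Ubiquiti's statement: outdated firmware and an HTTP/HTTPS management interface reachable from outside the management network. The inventory fields, the firmware string format and every sample value, including the `v2.0.0` threshold, are constructed placeholders; take the real minimum version from the vendor's advisory.

```python
import ipaddress
import re

def parse_version(fw):
    """'XM.v1.9.3' -> (1, 9, 3); ValueError if there is no vN.N component."""
    m = re.search(r"v(\d+(?:\.\d+)*)", fw)
    if not m:
        raise ValueError(f"unrecognised firmware string: {fw!r}")
    return tuple(int(p) for p in m.group(1).split("."))

def is_outdated(fw, min_patched):
    a, b = parse_version(fw), parse_version(min_patched)
    n = max(len(a), len(b))  # pad so that v2.0 compares equal to v2.0.0
    return a + (0,) * (n - len(a)) < b + (0,) * (n - len(b))

def is_exposed(allowed_sources, mgmt_nets):
    """True if any source permitted to reach ports 80/443 lies outside mgmt_nets."""
    nets = [ipaddress.ip_network(n) for n in mgmt_nets]
    for src in allowed_sources:
        s = ipaddress.ip_network(src)
        if not any(s.version == n.version and s.subnet_of(n) for n in nets):
            return True
    return False

def audit(inventory, min_patched, mgmt_nets):
    """Return (name, risk) for every device that needs attention."""
    findings = []
    for dev in inventory:
        try:
            outdated = is_outdated(dev["firmware"], min_patched)
        except ValueError:
            outdated = True  # unknown version: assume the worst
        exposed = is_exposed(dev["http_allowed_from"], mgmt_nets)
        if outdated and exposed:
            findings.append((dev["name"], "critical"))  # both conditions met
        elif outdated:
            findings.append((dev["name"], "upgrade"))   # patch firmware
        elif exposed:
            findings.append((dev["name"], "filter"))    # tighten firewall
    return findings

# Constructed sample inventory; names, versions and networks are illustrative only.
SAMPLE = [
    {"name": "ap-tower-1", "firmware": "XM.v1.9.3", "http_allowed_from": ["0.0.0.0/0"]},
    {"name": "cpe-0042", "firmware": "XM.v1.9.3", "http_allowed_from": ["10.20.0.0/24"]},
    {"name": "ptp-link-a", "firmware": "XW.v2.0.1", "http_allowed_from": ["0.0.0.0/0"]},
    {"name": "ap-tower-2", "firmware": "XW.v2.0", "http_allowed_from": ["10.20.0.5/32"]},
]

if __name__ == "__main__":
    for name, risk in audit(SAMPLE, "v2.0.0", ["10.20.0.0/16"]):
        print(f"{name}: {risk}")
```
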

3 Responses
  1. Marcus Clifford says:

    Just to confirm two things regarding this.
    Firstly, you have to be running an old version of the firmware. The update has been available for, as the article says, almost a year. This was well publicised by Ubiquiti at the time and a fix was issued before any “in the wild” exploits occurred. Also, every time you log into the device it informs you if you are running an older version of the firmware, so you would have had to have ignored / accepted this for the whole time.

    Secondly, this is an attack on the http(s) interface, and therefore to be executed that interface must be accessible to the malware – it would be extremely bad practice to have the interface open to the Internet at large, and would not be a “normal” situation.

    In my view, I certainly don’t see this issue being Ubiquiti’s fault or issue, it is just poor network management if you are affected by this.

  2. Captain Cretin says:

    Are Vispa having any issues??

    It could be Karma come calling.

  3. Mike Hammett says:

    It will wipe the configuration of the device, which isn’t exactly harmless.
