Ubiquiti, a large vendor of cloud-enabled Internet of Things (IoT) devices such as Wi-Fi access points, video recorders, and security cameras, recently faced a security incident. Ubiquiti stated that an incident at a third-party cloud provider potentially exposed customer information, including the user credentials used to remotely manage Ubiquiti devices. The company sent an email urging customers to change their passwords and enable multi-factor authentication as soon as possible. CyberHoot was asked by multiple customers if this was a phishing email (as it was urgent, had links, and was unexpected). After some quick research and a visit to the Krebs on Security blog, we determined it was legitimate and urged our clients to take action.

Ubiquiti Response

Ubiquiti’s email, sent to customers on January 11th, 2021, explained that “unauthorized access to information technology systems hosted by a third party cloud provider” had put credentials at risk and urged all clients to take action as described in the email below:

[Image: Ubiquiti's email to customers]

The announcement sent by Ubiquiti may look like a phishing email because it addresses the user as ‘customer’ and urges the reader to take action, but it has been verified as authentic on the company’s website. This warning from Ubiquiti is notable because the company has made it hard for users with the latest Ubiquiti firmware to communicate with their devices without first authenticating through its cloud-based systems. This has become a pain point for many customers, as evidenced by numerous threads on the topic in the company’s user support forums over the past few months:

“While I and others do appreciate the convenience and option of using hosted accounts, this incident clearly highlights the problem with relying on your infrastructure for authenticating access to our devices. A lot of us cannot take your process for granted and need to keep our devices offline during setup and make direct connections by IP/Hostname using our Mobile Apps.”

Improving Security

With the security incident at Ubiquiti putting users’ information at risk, users with Ubiquiti cloud accounts should update their security settings ASAP. To manage the security settings for your Ubiquiti account, visit https://account.ui.com and log in. Click on ‘Security’ in the left-hand menu. Perform the following tasks, using the image below as a reference:

1. Change your password (unique, 14+ characters, stored in a password manager)
2. Set a session timeout value
3. Enable 2FA (most important step)


https://krebsonsecurity.com/2021/01/ubiquiti-change-your-password-enable-2fa/

Conclusions

Log into your Ubiquiti cloud account and update your security settings with a new unique 14+ character password (stored in your password manager) and enable 2FA today!
