Russian malware on Ubiquiti hardware

Great article in Ars Technica, I presume genuine. If so, kudos to the DOJ and FBI for slick work.

Doesn’t bode well for Ubiquity

“ It affected routers running Ubiquiti’s EdgeOS, but only those that had not changed their default administrative password.”

So… how’s this at all Ubiquiti’s fault? Never versions of EdgeOS require the admin password be changed on first login, but they can’t retroactively affect older ones.

I guess Ubiquity could not have done it themselves without a court order.

Currently ~2500 EdgeOS devices publicly exposed.

Sadly this is not the first time or the last time that routers will get infected and other IoT devices… In the past it was focus on PC’s as they was easiest making into zombies… now IoT is the new power behind botnets and will continue to be for a few more years to come… until a new thing becomes better.

Its been awhile since Ive used one but dont you have to create a firewall rule in order to access the webui or SSH? Or were people doing this without changing the password

The article states that the admin username and password were default. It couldn’t be any easier to take over.

Thats normal. As long as western intelligence services don’t disclose the bugs they find and let developers / companies fix them, but instead use them to spy on people, other countries will do the same.

In companies this fact is just part of risk management. There is no secure hardware.

Use something like and don’t trust your internal network. I try to set things up in a way that every device is responsible for its own security - firewalling your internal network is of course a good idea, but trusting that firewall is not. Your workstations still have to be properly secured.

Well, except that this is completely beside the point here, because if you literally log into your router with admin/password and then proactively expose ssh and/or the webui to the Internet without at least changing the password, someone will take over your router rather sooner than later.

Yes, you can of course do that if you are super paranoid. :wink: However, you should still follow basic security best practices, such as not making the admin interface directly accessible from the internet and using strong passwords, which would have prevented 99% of the “hacks” that made the news lately.

And yes, I put “hacks” in quotes because I have hard time call it that, just as I would find it hard to call it “breaking” and entering if a stranger had entered your house when your front door was wide open with a welcome sign next to it. :wink:

1 Like

yes, you are right there. flew over the article to quickly and missed that part. :+1: to @bb77 , she / he is correct.