Ubiquiti is going to have a bad time after this!

Seems like it’s just as bad as Eufy’s debacle with their push notifications.

The OP is getting screenshots from someone else’s system!

https://www.reddit.com/r/Ubiquiti/comments/18hgpw1/security_problem/?utm_content=1&sort=new

Yup, interesting for sure.

Does UniFi Protect only use cloud or can it only be local without the cloud at all?

You can totally have it local only, just no push notifications for motion or sensors.

Here’s UI’s response.

Dear Ubiquiti Community -

Yesterday, thanks to your feedback and support, we were made aware of a small number of instances where users received push notifications on their mobile devices that appeared to come from unknown consoles, or where such users were able to access consoles that didn’t appear to be their own.

We have since identified – and addressed – the cause of this problem. Specifically, this issue was caused by an upgrade to our UniFi Cloud infrastructure, which we have since solved.

  1. What happened?

1,216 Ubiquiti accounts (“Group 1”) were improperly associated with a separate group of 1,177 Ubiquiti accounts (“Group 2”).

  2. When did this happen?

December 13, from 6:47 AM to 3:45 PM UTC.

  3. What Does this Mean?

During this time, a small number of users from Group 2 received push notifications on their mobile devices from the consoles assigned to a small number of users from Group 1.

Additionally, during this time, a user from Group 2 that attempted to log into his or her account may have been granted temporary remote access to a Group 1 account.

  4. What is the Current Status?

Ubiquiti has solved this misconfiguration with its cloud infrastructure - the problem is solved and all Ubiquiti accounts are now properly associated across our infrastructure.

  5. How many Accounts from Group 1 Were Actually Improperly Accessed by a User from Group 2?

We are still investigating but we believe less than a dozen.

  6. How Do I Know if my Account was Improperly Accessed?

We plan to reach out to any accounts in the Group 1 population via email.

https://community.ui.com/questions/Bug-Fix-Cloud-Access-Misconfiguration/fe8d4479-e187-4471-bf95-b2799183ceb7
