Ubiquiti’s latest hack highlights troubled security path for operators
In January, equipment vendor Ubiquiti told customers to reset their passwords due to a security breach involving a third-party cloud provider.
The announcement appeared to be a relatively routine security warning. Such alerts among equipment vendors have become increasingly common as the noise around cybersecurity continues to rise.
However, the situation took on added weight when security researcher Brian Krebs reported last month that the issue was in fact a “catastrophic” security breach, citing comments from a whistleblower involved in the situation.
According to Krebs, the hack penetrated Ubiquiti’s servers in Amazon’s cloud, giving the intruders remote access and full source code control. “Such access could have allowed the intruders to remotely authenticate to countless Ubiquiti cloud-based devices around the world,” he wrote.
That blockbuster report sparked widespread concerns about the company’s equipment. The financial analysts at Raymond James last month warned Ubiquiti investors that “we see this as a good opportunity to highlight the risks and opportunities as investors think about the evolution of the security landscape. These claims are impactful, as, according to the whistleblower, the company massively downplayed a breach of their entire network that gave the bad actors essentially god mode access to all of the company’s networks as well as routers and security products installed in customers’ businesses and homes.”
In the last 30 days, Ubiquiti’s stock has been all over the place. It was trading as high as $389.88 a share on March 26; its closing price on Wednesday was $275.41.
To be clear, most of Ubiquiti’s business – including the gadgets involved in the hack – is centered on selling gear such as Wi-Fi routers, security cameras and network video recorders. But roughly a third of Ubiquiti’s revenues come from the sale of radio, basestation and backhaul equipment, mainly to fixed wireless network operators. In the US, Ubiquiti’s network operator customers have included the likes of Etheric Networks, Common Networks and Rise Broadband.
To read the complete article, visit Light Reading.