20K Ubiquiti IoT Cameras & Routers Are Sitting Ducks for Hackers

[TonyR]

20K Ubiquiti IoT Cameras & Routers Are Sitting Ducks for Hackers

In the cloud, patches disseminate automatically. On your computer, you get notified. IoT devices, meanwhile, can escape attention for years on end.

www.darkreading.com

 

[Teken]

I believe the key points are the vast majority of the IoT devices that are cloud dependent are rarely if ever provided a security fix when a vulnerability is discovered.

I’ve said this thousands of times over the years that this whole Cloud First vs Local First will ultimately be the Internet’s demise!

I personally would love to see the entire world stop working for a month. Just to see how so called experts try to deal, grasp, and than move forward as to - How.

This is one of the Great Resets the entire world needs . . .

 

[steve1225]

In case of Ubiquity this is not a problem of missing fix for device or being depended of cloud (Cloud First vs Local First).

This vulnerability was reported in 2019.. and at that time there were about 500.000 devices affected by this problem.
Ubiqity released firmware update to fix that almost instat.

Now in 2024 we have 20.000 devices on very old firmware. Where owners simply didn't upgraded them.

So this is a problem of IOT device owners who haven't upgraded the firmware FOR YEARS!!!

Like in this forum is very popular believe that we shouldn't upgrade firmware on cameras & NVR's if they work properly..
Becouse there were a few situations in past when new firmware from Dahua/HIK broke some existing features.

But this is not true.
Both HIK and Dahua in last years regularly fixed different vulnerabilities or upgraded protocols/default settings to more secure.

And we should have them installed..
To not have problems like this.

 

[TonyR]

Like in this forum is very popular believe that we shouldn't upgrade firmware on cameras & NVR's if they work properly..
Becouse there were a few situations in past when new firmware from Dahua/HIK broke some existing features.

But this is not true.
Both HIK and Dahua in last years regularly fixed different vulnerabilities or upgraded protocols/default settings to more secure.

And we should have them installed..
To not have problems like this.

I just don't let my cameras have access to the Internet.

 

[steve1225]

I just don't let my cameras have access to the Internet.

I don't..
But there is also NVR & intercom part - where without P2P You are loosing mobile / DMSS notifications..

We have 2024... everything is now cloud connected...
mobiles, TVs, internet routers, inteligent speakers, all smart relays / lights / sensors, alarms, vacuum robots, kitchen appliances..

blocking internet access to all IoT devices is not a solution - that access gives us mobile app control / notifications & features...

so upgrading firmware on everything is next best solutions for now..

 

[TonyR]

I don't..
But there is also NVR & intercom part - where without P2P You are loosing mobile / DMSS notifications..

We have 2024... everything is now cloud connected...
mobiles, TVs, internet routers, inteligent speakers, all smart relays / lights / sensors, alarms, vacuum robots, kitchen appliances..

blocking internet access to all IoT devices is not a solution - that access gives us mobile app control / notifications & features...

so upgrading firmware on everything is next best solutions for now..

I understand and agree but let me clarify when I said "....I just don't let my cameras have access to the Internet."
I don't have any other IoT devices or devices that use P2P or "the cloud'.....I myself have exclusive access to the Internet in my house and I trust "me".

 

[AlwaysSomething]

How about the fact that all new cars and trucks are "connected" and we cannot prevent them from connecting....

There was also a Bill created (but I don't think raised yet) to force all car manufacturers to have a way for the government to disable a car.