Recently, Check Point Research (CPR) looked at the Ubiquiti G4 Instant Camera and the accompanying Cloud Key+ device. They found that over 20,000 Ubiquiti devices were being exposed on the Internet, revealing data such as platform names, software versions, configured IP addresses, and more, which could be used for technical and social engineering attacks.
The G4 Instant Camera is a compact, wide-angle, WiFi-connected camera with two-way audio. CPR conducted an attack surface assessment and discovered two custom privileged processes exposed on the camera’s network interface: Ports 10001 and 7004, both using UDP protocol.
In 2019, denial-of-service (DoS) attacks were reported on Ubiquiti devices by exploiting a service on 10001/UDP. Despite Ubiquiti addressing this issue and releasing patches, over 20,000 devices remain vulnerable, highlighting the challenge of fully mitigating vulnerabilities in Internet of Things (IoT) devices.
Check Point Research contacted Ubiquiti regarding the exposed devices, and Ubiquiti stated that the issue has been patched, with devices running the latest firmware only responding to internal IP addresses.
Preventing this attack on your Ubiquity cameras and routers is easy enough. Simply update the software that these devices are running. This applies to all of your IoT devices, making sure that the software that they run is up to date is the best way to prevent malicious attacks from impacting your device.
For more information, check out Check Point’s report here.