Massive attacks to Ubiquiti Hardware

lacer · 16 mei 2016, 01:16

Kreeg van Landashop volgend berichtje in m'n mailbox:

URGENT WARNING: Massive attacks to Ubiquiti Hardware
_RECOMMENDATIONS_

Dear customers,

Since last Friday, the current software base of Ubiquiti Networks has suffered a wave of attacks that have affected many WISP customers and operators worldwide. Apparently, it is caused by a virus with global reach that exploits a localized vulnerability that was already resolved last year, and that especially affects Ubiquiti AirMax and AirFiber hardware with the following (or previous) firmware releases:

Airmax 5.6.4(XM/XW), 4.0.4(XS)
AirFiber AF24/AF24HD 2.2.1 or 3.2.
AirFiber AF5X 3.0.2.1+

While waiting for an official statement from the manufacturer, here at Landatel we want to warn you about this situation and recommend this article (in spanish) done by a group of clients and friends who have researched over the weekend in order to provide a solution that detects and cleans infected hardware.
http://www.sincables.net/2016/05/ataque ... -ubiquiti/

As preventive measures, and because the virus attacks hardware with outdated firmware, we suggest you install ASAP the latest published firmware for all affected models. We also siggest you to block HTTP(S) and SSH access to the equipment and follow closely the following Ubiquiti forum thread: https://community.ubnt.com/t5/airMAX-Ge ... 40/page/13

From here, we want to give our most sincere appreciation to Pedro Garcia (Impulzia), Franscisco Hidalgo (IB-Red), David Vaello (Vaecom), Juan Miguel Gallardo (Codisa) and Victor De La Nuez (WiFi Canary Islands).

Yours sincerely,
Landatel

Najnenna · 19 mei 2016, 10:52

Dit is een veel voorkomende infectie vector voor ransomware

MClaeys · 19 mei 2016, 13:00

Goed om te weten, zelf geen mail gehad.

ubremoved_539 · 19 mei 2016, 13:04

Ik heb een gelijkaardige mail gehad van UBNT zelf... nu voor de gemiddelde consument is het geen probleem (die heeft normaal geen Airmax/fiber hardware in huis denk ik).

MClaeys · 19 mei 2016, 14:12

Zal eens in mijn spam kijken dan, heb er zo enkele besteld een tijd geleden voor iemand om te testen. Wel niet heel lang geleden dus die hebben misschien geen impacted firmware.