Check Point Research (CPR) has uncovered security vulnerabilities on the Ubiquiti G4 Instant Camera and its accompanying Cloud Key+ device. Their assessment revealed that two custom privileged processes on the camera’s network interface, operating on UDP ports 10001 and 7004, were exposed.
The camera’s network interface had two exposed UDP ports (10001 and 7004), revealing sensitive information such as platform names, software versions, and configured IP addresses.
Over 20,000 Ubiquiti devices were identified as exposed on the internet, posing risks for technical and social engineering attacks.
Vulnerabilities similar to these were first noted in 2019 by Jim Troutman and later by Rapid7, which identified nearly 500,000 vulnerable devices. Despite Ubiquiti’s claims of a patch, over 20,000 devices remain vulnerable as of today.
The discovered vulnerabilities include an amplification potential due to larger response packets from the camera compared to discovery packets, indicating the risk of amplification attacks.
Investigation revealed that the Cloud Key+ device and G4 Instant Camera communicate via ‘ping’ and ‘pong’ packets without authentication, enabling the potential for spoofed discovery packets and unauthorized access to detailed device information.
Attempts to replicate this vulnerability over the internet showed that despite port forwarding, the devices did not respond to internet probes. However, further testing revealed over 20,000 devices were still responsive to spoofed packets, echoing vulnerabilities reported under CVE-2017-0938.
The exposed data included device identification, owner names, company names, and addresses, creating significant risks for targeted attacks. Some devices even displayed warnings indicating prior compromises, such as “HACKED-ROUTER-HELP-SOS-DEFAULT-PASSWORD.”
Check Point Research has reported these findings to Ubiquiti, which confirmed that the issue had been addressed. However, the persistence of these vulnerabilities underscores the challenge of fully mitigating security risks in IoT devices. The situation highlights the need for IoT devices to be designed with security in mind and the importance of timely updates and patches to protect against ongoing threats.
As the cybersecurity landscape evolves, the industry must remain vigilant in identifying and addressing vulnerabilities, particularly in the rapidly growing IoT sector.
