Ubiquiti has reported that it has fixed a critical vulnerability that allowed users to inadvertently access other people’s security camera footage, as well as accounts and devices unrelated to their own. The unwarranted access was caused by a cloud system misconfiguration that has now been resolved, ensuring that all Ubiquiti accounts are correctly segregated across the company’s infrastructure.
The issue first came to light on Wednesday when a customer took to Reddit to describe an unusual event: his wife received a notification from UniFi Protect showing an image from a camera they did not own. Ubiquiti’s UniFi Protect is an application for managing the company’s security cameras, and it should only provide access to the user’s own devices, not the feeds of others.
The notification displayed footage from an unknown camera, yet when his wife inspected the Protect app, only their own cameras were present, which added to the customer’s confusion. The occurrence prompted concerns over a possible security compromise, including speculation about a disgruntled developer potentially tampering with the system. Ubiquiti did not provide an immediate comment when contacted by The Register.
Following this first report, other Ubiquiti customers described similar experiences of receiving notifications from, or having access to, unknown devices. One responder took a less serious view, attributing the issue to the inherent risks of connecting devices to the internet. The company admitted the problem began on the morning of December 13. Ubiquiti thanked users for their input on its support forum, which assisted in identifying the issue, which was linked to an upgrade of the UniFi Cloud Infrastructure.
Although the exact number of affected clients remains unclear, Ubiquiti is examining the incident’s scope and has confirmed that the misconfiguration has been corrected. The company has also confirmed that the reports by users on Reddit were accurate: a small subset of individuals received notifications from equipment owned by others, suggesting a breach of account isolation.
Additionally, a few of the individuals who received mismatched push notifications may have inadvertently gained temporary access to others’ accounts. Ubiquiti believes that fewer than twelve people experienced strangers accessing their accounts remotely and has pledged to reach out to these customers by email. This outreach will likely come after the company deals with another security issue involving potential compromises of Ubiquiti routers by Russian cyber-groups.