Important message if you manage your own Ubiquiti equipment

We identify as both EERO and Ubiquiti fan boys. Ruby isn’t exactly an IT nerd, but she does like the EERO we set her up with so she can better help people when they call in.

Ubiquiti is more of a prosumer/small business/managed IT gear sort of thing. We love it for schools, public transit (we are deploying public WiFi at 7 park and ride / transfer stations in Kitsap), businesses with more than a dozen employees. Busy complex places; you wouldn’t believe the back of Sluy’s bakery, it takes a lot of dough (flour and Benjamins) and equipment to make all those goodies.

All manufactureres of routers have to constantly release security updates for their router/firewall functions. The world wide web is no longer a friendly place; we are dominated by machines automatically probing for vulnerabilities. A recent code vulnerability exploit (CVE) notice came out which was a doozy. If you chain 3 seperate vulnerabilities in series, you get immediate, root (god mode) access to the operating system running on a Ubiquiti firewall. Ubiquiti patched promptly, but the patch was boffed, they did the cardinal sin of a security patch plus some “features” in one release. It was bad. We held off for a few days because the storm of people complaining online of their networks tanking after the upgrade was too much risk. I mean, I need my fritter after all; what if the 50 gallon dough mixer became non-responsive and tossed 200 pounds of dough all over the proofing room?

Within 24 hours of the the CVE being posted, our cloud keys got compromised. I spent the last 30 hours doing triage. We are back and better than before. Nobody noticed because we were careful. A dedicated firewall now protects the cloud keys from the general internet, access to the web pages for management can only happen behind a VPN. Yeah yeah yeah, I hear you saying why wasn’t it like that in the first place? We set the first one up in 2012, and they have been working flawlessly for years, just careful curation of when to apply the updates from Ubiquiti to avoid the rough ones.

If you manage your Ubiquiti equipment and haven’t checked on your system lately, please, you absolutely have to be patched up to date. If the update causes other issues, it is better than the alternative. The rough spots in performance will get resolved, likely within days. If you have a company that does IT for you (other than us, we are 100% patched and clean), please ask them to make sure you are patched and not compromised. If you get compromised, the equipment is effectively e-waste. Our fleet of cloud keys is factory reset (which doesn’t remove the infected binaries, like cron, crontab, sh, python, java) and resting in the e-waste tote to take to the transfer station.