Hacking ethics — Unsecuring Unifi?

There is an interesting debate going on in the Unifi forums over at LowYat.net.

Basically, when TM rolled out their fiber optic internet broadband service called Unifi, they:

(a) used hardware that had known firmware security holes AND forced every Unifi customer to use said hardware,

and

(b) installed a “backdoor” into each Unifi-distributed router on the pretext that it would be used by Unifi remote technicians should the customer need help. The problem is that nothing restricts this backdoor to Unifi staff: it can be used by ANYONE who can reach the router.

One of the LowYat.net forum members found both problems and posted an extensive guide on how users can fix them themselves. However, by doing so he has also brought visibility to the problem, and any customer who does not follow his advice is now an easy target for a blackhat hacker.

The same person also recently scanned the Unifi network, and at least 60% of customers still appear to be exposed: either they are unaware of the weaknesses, or they know about the vulnerabilities but have chosen not to, or are unable to, do anything about them. For these people, numbering in the thousands of customers (including business customers!), the end result is the same: their networks are open to attackers and can be disabled, hacked, exploited, and invaded AT ANY TIME.

After reading the guide, even someone like myself, with zero knowledge of Linux or hacking, should be able to get into an unsecured Unifi router with little more than a single click of a button.

Potentially, this means that someone who is really deranged could take down 60% of the Unifi network by crashing the customers’ routers: write a script to auto-scan the network for unsecured routers, get into each one through the “backdoor” TM has placed in every router, and disable it permanently, e.g. by overwriting the firmware. Anyone with that level of access could just as easily stay quiet and sit on the network instead, which is the harder case to notice.

The question is whether this person should have released information about the vulnerability in the first place. I think he did the right thing: if he had not told the community, only the “people in the know” would have had the knowledge, 99% of the Unifi network would have remained insecure, and anyone in that 1% group could have exploited it as he pleased.

At least now some 40% of Unifi customers have secured their routers, are aware of the vulnerability and have taken steps to protect themselves, such as replacing the vulnerable routers altogether. TM is also now aware that its customers are aware, and this should put pressure on them as an organisation to do something about it. If they don’t, does this open them up to a massive class action lawsuit? Possibly. Imagine if a hacker used this backdoor to invade your network, stole all your banking account passwords and/or caused damage to your business: wouldn’t TM be liable?

This is the guide written by the LowYat forumer, with his explanation of the vulnerability and instructions on how to fix it:

http://unifi.athena.my/

If you’re a Unifi customer, I strongly suggest you read it and apply the counter-measures mentioned there.

Edit: Read this EXCELLENT follow-up from the LowYat forumer who found the vulnerability and helped us patch it. He discusses the sort of havoc a blackhat hacker can wreak on anyone on the unsecured Unifi network.


3 thoughts on “Hacking ethics — Unsecuring Unifi?”

  1. No. I do not totally agree with you. In my opinion, Unifi’s responsibility is just to provide the router and that is it, full stop. It is up to the user to provide their own protection such as a firewall (software/hardware), antivirus and whatever you can think of. For the “backdoor” issue, yes it is not ethical, but you have to look at the whole picture, from the fiber optic to the router. It still belongs to TM; please read the terms and conditions under Leased Equipment. And please remember, you will be held responsible if you damage the router. So, in order for TM to minimize their operation cost, the “backdoor” will provide a very good tool for them to rectify your problem without going to your house. Just imagine how much time and money is saved. If not, all this will be added to your bill for maintenance.


  2. I’m sorry, but you seem not to understand the problem.
    The “backdoor” TM has installed on their routers allows ANYONE (including malicious hackers) to break into the customer’s network and steal vital information such as IDs and passwords, and even leech bandwidth (bandwidth theft).
    Imagine you were to buy a car. However, the manufacturer made it so that anyone with a few simple skills can break into your car and steal it. How would you feel?
    Also, TM has responded to me personally, and they acknowledge the problem and will do what they need to do to remove the vulnerability.
    Refer to this:
    http://forum.lowyat.net/topic/1557389/+1800#
    The email is from their Vice President of Corporate Communications, Ms Izlyn Ramly.
