Ubiquiti AirOS wi-fi devices under worm attack


Self-propagating malware infects thousands of devices.

Devices from wireless equipment vendor Ubiquiti Networks running old firmware are being actively attacked by self-propagating malware, with multiple infections reported from the United States, Brazil and Spain over the weekend.


A Ubiquiti support staffer confirmed the company's devices were currently under attack.

"There have been several reports of infected AirOS M devices over the last week. From the samples we have seen, there are 2-3 different variations," they said.

"We have confirmed at least two of these variations are using a known exploit that was reported and fixed last year."

The fix stopped unauthorised users from gaining access to devices via both the clear-text hypertext transfer protocol (HTTP) and the secured HTTPS variant.

A Ubiquiti dealer who didn't wish to be named told iTnews the current worm was dangerous for those who got hit by it.

"Unlike past malware that tried to install network proxies and set up domain name system redirection, the current worm tries to install itself across as many radios as it can, and shut them down," the dealer said.

In the Ubiquiti user forums, wireless internet service providers reported that vulnerable systems got infected easily.

"Simply having a radio on out of date firmware and having its http/https interface exposed to the internet is enough to get infected," a user wrote.

Worm attacks can be mitigated by firewalling off traffic and ensuring access points have no direct communication with each other, the dealer told iTnews.

The following Ubiquiti devices running old firmware should be upgraded as soon as feasible, and their HTTP and HTTPS management traffic cordoned off:

  • airMAX M
  • airMAX AC
  • ToughSwitch
  • airGateway
  • airFiber

AirOS firmware version 5.6.2 or older is vulnerable to the worm attack.

The malware scans subnets and distributes itself to other Ubiquiti systems it can identify. Ubiquiti administrators are reporting mass infections from the worm.

It is possible to remove the worm manually with a script or by installing Red Hat's Ansible automation tool.
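To work out which radios need attention first, the 5.6.2 threshold and the two mitigations above can be applied to a device inventory. The following is an added example, not code from the article or from Ubiquiti; the CSV layout, the `XM.v`-style version prefix, the action labels and the sample rows are assumptions made for illustration.

```python
import csv
import io
import re

LAST_VULNERABLE = (5, 6, 2)  # from the article: AirOS 5.6.2 or older is vulnerable
PRIORITY = ["critical", "upgrade", "restrict-mgmt", "ok"]  # labels are this example's own

# Constructed sample inventory; hosts use a documentation address range.
SAMPLE_INVENTORY = """host,model,firmware,mgmt_exposed
192.0.2.10,airMAX M,XM.v5.5.10,yes
192.0.2.11,airMAX M,XM.v5.6.2,no
192.0.2.12,airMAX M,XW.v5.6.10,yes
192.0.2.13,airMAX M,v5.6.3,no
192.0.2.14,airMAX M,unknown,yes
"""

def parse_version(text):
    """Return the first x.y.z version found in text as a tuple of ints, or None."""
    match = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    return tuple(int(part) for part in match.groups()) if match else None

def classify(firmware, mgmt_exposed):
    """Map firmware version and HTTP/HTTPS management exposure to an action."""
    version = parse_version(firmware)
    # Tuples compare numerically, so 5.6.10 is newer than 5.6.2 (a plain string
    # comparison gets this wrong). Unparseable versions are treated as
    # vulnerable so they get checked by hand.
    vulnerable = version is None or version <= LAST_VULNERABLE
    if vulnerable:
        return "critical" if mgmt_exposed else "upgrade"
    return "restrict-mgmt" if mgmt_exposed else "ok"

def triage_inventory(csv_text):
    """Return (host, firmware, action) rows, most urgent first."""
    results = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        exposed = row["mgmt_exposed"].strip().lower() == "yes"
        action = classify(row["firmware"], exposed)
        results.append((row["host"], row["firmware"], action))
    return sorted(results, key=lambda r: PRIORITY.index(r[2]))

if __name__ == "__main__":
    for host, firmware, action in triage_inventory(SAMPLE_INVENTORY):
        print(f"{host:<12} {firmware:<12} {action}")
```

Here "critical" means old firmware with the management interface reachable, which is the combination the forum user describes as enough to get infected; "restrict-mgmt" marks an updated radio whose HTTP/HTTPS management should still be firewalled off.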

Copyright © iTnews.com.au . All rights reserved.