Ubiquiti Fixes Massive Bug That Allowed Users To View Others' Security Cameras
janrinok writes:
Internet of Things security remains sketchy at best:
A new development now puts the spotlight squarely on networking device manufacturer Ubiquiti after the company admitted that a misconfiguration with its cloud infrastructure allowed some of its customers to watch footage from strangers' security cameras.
The admission came days after some Ubiquiti customers reported seeing images and videos from other people's cameras through the company's Unifi Protect cloud app. One of the first persons to report the bug was a Redditor claiming his wife received a notification, which included an image from a security camera that didn't belong to them.
[...] A Ubiquiti customer on the company's forum claimed to have accessed "88 consoles from another account" when logging into the Unifi portal. The user had full access to these devices until refreshing their browser. After that, the client returned to normal, with only owned devices showing.
[...] The company claims the problem happened due to an upgrade to Ubiquiti's UniFi Cloud infrastructure, which it has since resolved. So, customers should no longer worry about their other users accessing their cameras and UniFi accounts. While the company claimed the bungle affected 1,216 accounts in one group and 1,177 in another, supposedly fewer than a dozen instances of improper access occurred. It added that it would notify those customers about the breach.
Read more of this story at SoylentNews.