Article 6H9VA Ubiquiti Fixes Massive Bug That Allowed Users To View Others' Security Cameras

Ubiquiti Fixes Massive Bug That Allowed Users To View Others' Security Cameras

by
hubie
from SoylentNews on (#6H9VA)

janrinok writes:

Internet of Things security remains sketchy at best:

A new development now puts the spotlight squarely on networking device manufacturer Ubiquiti after the company admitted that a misconfiguration with its cloud infrastructure allowed some of its customers to watch footage from strangers' security cameras.

The admission came days after some Ubiquiti customers reported seeing images and videos from other people's cameras through the company's Unifi Protect cloud app. One of the first persons to report the bug was a Redditor claiming his wife received a notification, which included an image from a security camera that didn't belong to them.

[...] A Ubiquiti customer on the company's forum claimed to have accessed "88 consoles from another account" when logging into the Unifi portal. The user had full access to these devices until refreshing their browser. After that, the client returned to normal, with only owned devices showing.

[...] The company claims the problem happened due to an upgrade to Ubiquiti's UniFi Cloud infrastructure, which it has since resolved. So, customers should no longer worry about their other users accessing their cameras and UniFi accounts. While the company claimed the bungle affected 1,216 accounts in one group and 1,177 in another, supposedly fewer than a dozen instances of improper access occurred. It added that it would notify those customers about the breach.

Original Submission

Read more of this story at SoylentNews.

External Content
Source RSS or Atom Feed
Feed Location https://soylentnews.org/index.rss
Feed Title SoylentNews
Feed Link https://soylentnews.org/
Feed Copyright Copyright 2014, SoylentNews
Reply 0 comments