Threat Watch

Vulnerability in 485,000 Ubiquiti Devices Makes Them Susceptible to DDoS Attacks

A large majority of Ubiquity devices are being exploited through a discovery service running on UDP port 1001. A senior researcher made a comment that stated, “The amplification factor is 30-35x but does not appear to suffer from multi-packet responses, at least with what is known today. With such a large quantity of potentially vulnerable devices exposed, a DoS harnessing the available bandwidth and power of these systems could be used to conduct an attack in excess of 1Tbps, which is a crippling amount of traffic to all but the most fortified infrastructure.” Most of these devices are located in Brazil but other devices are located in Spain and The United States. The devices that are found to be in danger are NanoStation (172,000), AirGrid (131,000), LiteBeam (43,000), PowerBeam (40,000), and NanoBeam (21,000). Of these devices, 17,000 are already believed to be defaced which gives the notion that they are operating on old firmware. The proper entities have been informed of this issue and they are working on a resolution.


Users are recommended to inspect their account and limit access to the service. A firewall or access control list (ACL) should be used to lower the use of recommendations from Ubiquiti.