Ubiquiti

From Wikipedia, the free encyclopedia
  (Redirected from Ubiquiti Networks)
Jump to navigation Jump to search

Ubiquiti Inc.
TypePublic
NYSEUI
Russell 1000 Index component
IndustryComputer networking, energy
FoundedOctober 2003; 18 years ago (2003-10)[1]
FoundersRobert Pera
Headquarters,
United States
ProductsComputer networking devices
RevenueIncrease US$1.016 billion (2018)[2]
Increase US$314.142 million (2018)[2]
Increase US$196.290 million (2018)[2]
Total assetsIncrease US$1.022 billion (2018)[2]
Total equityDecrease US$315.748 million (2018)[2]
Number of employees
843 (as of June 30, 2018)[2]
Websitewww.ui.com Edit this at Wikidata

Ubiquiti Inc. (formerly Ubiquiti Networks, Inc.) is an American technology company founded in San Jose, California, in 2003.[1][3] Now based in New York City,[4] Ubiquiti manufactures and sells wireless data communication and wired products for enterprises and homes under multiple brand names.

Products[edit]

Ubiquiti's first product line was its "Super Range" mini-PCI radio card series, which was followed by other wireless products.

The company's Xtreme Range (XR) cards operated on non-standard IEEE 802.11 bands, which reduced the impact of congestion in the 2.4 GHz and 5.8 GHz bands.[citation needed] In August 2007 a group of Italian amateur radio operators set a distance world record for point-to-point links in the 5.8 GHz spectrum. Using two XR5 cards and a pair of 35 dBi dish antennas, the Italian team was able to establish a 304 km (about 188 mi) link at data rates between 4 and 5 Mbit/s.[5]

The company (under its "Ubiquiti Labs" brand) also manufactures a home-oriented wireless mesh network router and access point combination as a consumer-level product, called AmpliFi.[6]

Brands[edit]

Ubiquiti product lines include UniFi, AmpliFi, EdgeMax, UISP, AirMax, AirFiber, GigaBeam, and UFiber. The most common product line is UniFi which is focused on home and business wired and wireless networking. EdgeMax is a product line dedicated to wired networking, containing only routers and switches. UISP, announced in 2020, is a range of products for internet service providers.[7]

AirMax is a product line dedicated to creating point-to-point (PTP) and point-to-multi-point (PtMP) links between networks. AirFiber and UFiber are used by Wireless Internet Service Providers (WISP), and Internet Service Providers (ISP) respectively.

Software products[edit]

UniFi controller is a software package that can either run on special hardware (UniFi Cloudkeys, UniFi Dream Machine) or can be installed on Linux, Mac, or Windows. The controller manages all connected devices (access points, routers, switches, cameras, locks) and provides a single point for configuration and administration.

WiFiman.com is an internet speed test tool that is integrated into most Ubiquiti products. It has mobile apps and a web version.

Security issues[edit]

U-Boot configuration extraction[edit]

In 2013, a security issue was discovered in the version of the U-Boot boot loader shipped on Ubiquiti's devices. It was possible to extract the plaintext configuration from the device without leaving a trace using Trivial File Transfer Protocol (TFTP) and an Ethernet cable, revealing information such as passwords.[8]

While this issue is fixed in current versions of Ubiquiti hardware, despite many requests and acknowledging that they are using this GPL-protected application, Ubiquiti refused to provide the source code for the GNU General Public License (GPL)-licensed U-Boot.[9][10] This made it impractical for Ubiquiti's customers to fix the issue.[9] The GPL-licensed code was released eventually.[11]

Upatre Trojan[edit]

It was reported by online reporter Brian Krebs, on June 15, 2015, that "Recently, researchers at the Fujitsu Security Operations Center in Warrington, UK began tracking [the] Upatre [trojan software] being served from hundreds of compromised home routers – particularly routers powered by MikroTik and Ubiquiti's AirOS". Bryan Campbell of the Fujitsu Security Operations Center in Warrington, UK was reported as saying: "We have seen literally hundreds of wireless access points, and routers connected in relation to this botnet, usually AirOS ... The consistency in which the botnet is communicating with compromised routers in relation to both distribution and communication leads us to believe known vulnerabilities are being exploited in the firmware which allows this to occur."[12]

2021 alleged cloud data breach[edit]

In January 2021, a potential data breach of cloud accounts was reported,[13] with customer credentials having potentially been exposed to an unauthorised third party.

In March 2021 security blogger Brian Krebs reported that a whistleblower disclosed that Ubiquiti's January statement downplayed the extent of the data breach in an effort to protect the company's stock price. Furthermore, the whistleblower claimed that the company's response to the breach put the security of its customers at risk.[14] Ubiquiti responded to Krebs's reporting in a blog post, stating that the attacker "never claimed to have accessed any customer information" and "unsuccessfully attempted to extort the company by threatening to release stolen source code and specific IT credentials." Ubiquiti further wrote that they "believe that customer data was not the target of, or otherwise accessed in connection with, the incident."[15]

On December 1, 2021, the United States Attorney for the Southern District of New York charged a former high-level employee of Ubiquiti for data theft and wire fraud, alleging that the "data breach" was in fact an inside job aimed at extorting the company for millions of dollars. The indictment also claimed that the employee caused further damage "by causing the publication of misleading news articles about the company’s handling of the breach that he perpetrated, which were followed by a significant drop in the company’s share price associated with the loss of billions of dollars in its market capitalization." The Verge reported that the indictment shed new light on the supposed breach and appeared to back up Ubiquiti's statement that no customer data was compromised.[16][17]

IPO[edit]

On October 13, 2011, Ubiquiti had its initial public offering (IPO) at 7.04 million shares, at $15 per share,[18] raising $30.5 million.[19]

Legal difficulties[edit]

United States sanctions against Iran[edit]

In March 2014, Ubiquiti agreed to pay $504,225 to the Office of Foreign Assets Control after it allegedly violated U.S. sanctions against Iran.[20]

Open-source licensing compliance[edit]

In 2015, Ubiquiti was accused of violating the terms of the GPL license for open-source code used in their products.[10] The original source of the complaint updated their website on May 24, 2017, when the issue was resolved.[11] In 2019, Ubiquiti was reported as again being in violation of the GPL.[21]

Other[edit]

In 2015, Ubiquiti revealed that it lost $46.7 million when its finance department was tricked into sending money to someone posing as an employee.[22]

References[edit]

  1. ^ a b "Company". Ubiquiti Inc. Retrieved June 8, 2021.
  2. ^ a b c d e f "Ubiquiti Networks 2018 SEC Form 10-K".
  3. ^ Greenberg, Herb (June 12, 2012). "Yet Another Controversy for Ubiquiti?". CNBC. Retrieved June 8, 2021.
  4. ^ Witkowski, Wallace (September 18, 2017). "Ubiquiti shares hammered by Citron 'fraud' claim that contains little new evidence - MarketWatch". MarketWatch.com. Retrieved November 29, 2017. That may be a factor that led Ubiquiti's auditor, PWC, to cite a lack of internal controls in 2015, and an eventual staff clear-out that led Ubiquiti to move its headquarters from San Jose, Calif., to New York City and change auditors to KPMG.
  5. ^ "World Record 304km Wi-Fi connection". newatlas.com. Retrieved December 22, 2012.
  6. ^ "Hands-on: Ubiquiti's Amplifi covers the whole house in a Wi-Fi mesh". Ars Technica. July 20, 2016. Retrieved December 1, 2016.
  7. ^ "Ubiquiti: UISP Is The New UNMS". McCann Tech. December 29, 2020. Retrieved January 24, 2021.
  8. ^ "Re: AirOS and Security: DUMP of configuration files with TFTP or other thing". community.ui.com. July 16, 2014. Retrieved May 9, 2017.
  9. ^ a b "GPL archive missing components". community.ubnt.com. March 2, 2013. Archived from the original on December 9, 2016. Retrieved May 9, 2017.
  10. ^ a b Riley Baird (April 7, 2015). "How Ubiquiti Networks Is Creatively Violating the GPL". LibertyBSD. Archived from the original on April 30, 2017. Retrieved April 30, 2017.
  11. ^ a b Riley Baird (May 24, 2017). "N/A". LibertyBSD. Archived from the original on May 24, 2017. Retrieved December 12, 2017.
  12. ^ "Crooks Use Hacked Routers to Aid Cyberheists". Krebs on Security. June 29, 2015.
  13. ^ "Ubiquiti says customer data may have been accessed in data breach". TechCrunch. Retrieved January 19, 2021.
  14. ^ Whistleblower: Ubiquiti Breach "Catastrophic", Krebs On Security, March 30, 2021
  15. ^ "Update to January 2021 Account Notification". Ubiquiti, Inc. March 31, 2021. Retrieved June 8, 2021.
  16. ^ "Former Employee Of Technology Company Charged With Stealing Confidential Data And Extorting Company For Ransom While Posing As Anonymous Attacker". www.justice.gov. December 1, 2021. Retrieved December 3, 2021.
  17. ^ Clark, Mitchell (December 1, 2021). "Ubiquiti hack may have been an inside job, federal charges suggest". The Verge. Retrieved December 3, 2021.
  18. ^ "Ubiquiti Networks IPO Priced To Work At $15?". Seeking Alpha. October 13, 2011. Retrieved December 22, 2012.
  19. ^ "Annual report for fiscal year ended June 30, 2012". Form 10-K. US Securities and Exchange Commission. September 21, 2012. Retrieved October 16, 2013.
  20. ^ "Ubiquiti Networks settles with OFAC for alleged violations of Iran sanctions", Debevoise & Plimpton LLP, March 7, 2014.
  21. ^ Denver Gingerich (October 2, 2019). "When companies use the GPL against each other, our community loses". SFconservancy. Retrieved December 21, 2020.
  22. ^ "Fraudsters duped this company into handing over $40 million". Fortune.com. August 10, 2015. Retrieved October 19, 2015.

External links[edit]