Jump to content

Ubiquiti

From Wikipedia, the free encyclopedia

Ubiquiti Inc.
FormerlyUbiquiti Networks, Inc.
Company typePublic
NYSEUI
Russell 1000 Index component
IndustryComputer networking, energy
FoundedOctober 2003; 21 years ago (2003-10)[1]
FoundersRobert Pera
Headquarters,
United States
ProductsComputer networking devices
RevenueDecrease US$1.692 billion (2022)[2]
Decrease US$462.264 million (2022)[2]
Decrease US$378.657 million (2022)[2]
Total assetsDecrease US$844.712 million (2022)[2]
Total equityDecrease US$−382.876 million (2022)[2]
Number of employees
1,377 (as of June 30, 2022)[2]
Websitewww.ui.com Edit this at Wikidata

Ubiquiti Inc. (formerly Ubiquiti Networks, Inc.)[3] is an American technology company founded in San Jose, California, in 2003.[1][4] Now based in New York City,[5] Ubiquiti manufactures and sells wireless data communication and wired products for enterprises and homes under multiple brand names. On October 13, 2011, Ubiquiti had its initial public offering (IPO) at 7.04 million shares, at $15 per share,[6] raising $30.5 million.[7]

Products

[edit]

Ubiquiti's first product line was its "Super Range" mini-PCI radio card series, which was followed by other wireless products.

The company's Xtreme Range (XR) cards operated on non-standard IEEE 802.11 bands, which reduced the impact of congestion in the 2.4 GHz and 5.8 GHz bands.[citation needed] In August 2007 a group of Italian amateur radio operators set a distance world record for point-to-point links in the 5.8 GHz spectrum. Using two XR5 cards and a pair of 35 dBi dish antennas, the Italian team was able to establish a 304 km (about 188 mi) link at data rates between 4 and 5 Mbit/s.[8]

The company (under its "Ubiquiti Labs" brand) also manufactures a home-oriented wireless mesh network router and access point combination device, as a consumer-level product called AmpliFi.[9]

Brands

[edit]
A UniFi wireless access point
A pair of Ubiquiti internet PTP Antennaes

Ubiquiti product lines include UniFi, AmpliFi, EdgeMax, UISP, airMAX, airFiber, GigaBeam, and UFiber. The most well known product line is UniFi which is focused on home, prosumer, business wired and wireless networking in addition to IP cameras, physical access control systems, and VoIP phones. EdgeMax is a product line dedicated to wired networking, containing only routers and switches. UISP, announced in 2020, is a range of products for internet service providers.[10]

airMAX is a product line dedicated to creating point-to-point (PtP) and point-to-multi-point (PtMP) links between networks. airFiber and UFiber are used by wireless and fiber Internet service providers (ISP), respectively.[citation needed]

Software products

[edit]

Ubiquiti develops a variety of software controllers for their various products including access points, routers, switches, cameras, and locks. These controllers manage all connected devices and provide a single point for configuration and administration. The software is included as part of UniFi OS, an operating system that runs on devices called UniFi OS Consoles (UniFi Dream Machine, Dream Router, Cloud Key). The UniFi Network controller can alternatively be installed on Linux, FreeBSD, macOS, or Windows, while the other applications included with UniFi OS such as UniFi Protect and UniFi Access must be installed on a UniFi OS Console device.

WiFiman is an internet speed test and network analyzer tool that is integrated into most Ubiquiti products. It has mobile apps and a web version.

Security issues

[edit]

U-Boot configuration extraction

[edit]

In 2013, a security issue was discovered in the version of the U-Boot boot loader shipped on Ubiquiti's devices. It was possible to extract the plaintext configuration from the device without leaving a trace using Trivial File Transfer Protocol (TFTP) and an Ethernet cable, revealing information such as passwords.[11]

While this issue is fixed in current versions of Ubiquiti hardware, despite many requests and acknowledging that they are using this GPL-protected application, Ubiquiti refused to provide the source code for the GNU General Public License (GPL)-licensed U-Boot.[12][13] This made it impractical for Ubiquiti's customers to fix the issue.[12] The GPL-licensed code was released eventually.[14]

Upatre Trojan

[edit]

It was reported by online reporter Brian Krebs, on June 15, 2015, that "Recently, researchers at the Fujitsu Security Operations Center in Warrington, UK began tracking [the] Upatre [trojan software] being served from hundreds of compromised home routers – particularly routers powered by MikroTik and Ubiquiti's airOS". Bryan Campbell of the Fujitsu Security Operations Center in Warrington, UK was reported as saying: "We have seen literally hundreds of wireless access points, and routers connected in relation to this botnet, usually AirOS ... The consistency in which the botnet is communicating with compromised routers in relation to both distribution and communication leads us to believe known vulnerabilities are being exploited in the firmware which allows this to occur."[15]

2021 alleged data breach and lawsuit

[edit]

In January 2021, a potential data breach of cloud accounts was reported,[16] with customer credentials having potentially been exposed to an unauthorized third party.

In March 2021 security blogger Brian Krebs reported that a whistleblower disclosed that Ubiquiti's January statement downplayed the extent of the data breach in an effort to protect the company's stock price. Furthermore, the whistleblower claimed that the company's response to the breach put the security of its customers at risk.[17] Ubiquiti responded to Krebs's reporting in a blog post, stating that the attacker "never claimed to have accessed any customer information" and "unsuccessfully attempted to extort the company by threatening to release stolen source code and specific IT credentials." Ubiquiti further wrote that they "believe that customer data was not the target of, or otherwise accessed in connection with, the incident."[18]

On December 1, 2021, the United States Attorney for the Southern District of New York charged a former high-level employee of Ubiquiti for data theft and wire fraud, alleging that the "data breach" was in fact an inside job aimed at extorting the company for millions of dollars. The indictment also claimed that the employee caused further damage "by causing the publication of misleading news articles about the company’s handling of the breach that he perpetrated, which were followed by a significant drop in the company’s share price associated with the loss of billions of dollars in its market capitalization." The Verge reported that the indictment shed new light on the supposed breach and appeared to back up Ubiquiti's statement that no customer data was compromised.[19][20]

In March 2022, Ubiquiti filed a lawsuit[21] against Brian Krebs, alleging defamation for his reporting on their security issues. Both parties resolved their dispute outside the court in September 2022.

[edit]

United States sanctions against Iran

[edit]

In March 2014, Ubiquiti agreed to pay $504,225 to the Office of Foreign Assets Control after it allegedly violated U.S. sanctions against Iran.[22]

Open-source licensing compliance

[edit]

In 2015, Ubiquiti was accused of violating the terms of the GPL license for open-source code used in their products.[13] The original source of the complaint updated their website on May 24, 2017, when the issue was resolved.[14] In 2019, Ubiquiti was reported as again being in violation of the GPL.[23]

Other

[edit]

In 2015, Ubiquiti revealed that it lost $46.7 million when its finance department was tricked into sending money to someone posing as an employee.[24]

References

[edit]
  1. ^ a b "Company". Ubiquiti Inc. Retrieved June 8, 2021.
  2. ^ a b c d e f "Ubiquiti Networks 2022 SEC Form 10-K".
  3. ^ "UBIQUITI NETWORKS REPORTS FOURTH QUARTER FISCAL 2019 FINANCIAL RESULTS" (PDF). August 9, 2019. Archived (PDF) from the original on December 31, 2019. Retrieved April 2, 2022. At the close of business on August 19, 2019, the company will legally change its name to Ubiquiti Inc. The last trading day on NASDAQ under the name Ubiquiti Networks, Inc. and the UBNT symbol is expected to be August 19, 2019.
  4. ^ Greenberg, Herb (June 12, 2012). "Yet Another Controversy for Ubiquiti?". CNBC. Retrieved June 8, 2021.
  5. ^ Witkowski, Wallace (September 18, 2017). "Ubiquiti shares hammered by Citron 'fraud' claim that contains little new evidence - MarketWatch". MarketWatch.com. Retrieved November 29, 2017. That may be a factor that led Ubiquiti's auditor, PWC, to cite a lack of internal controls in 2015, and an eventual staff clear-out that led Ubiquiti to move its headquarters from San Jose, Calif., to New York City and change auditors to KPMG.
  6. ^ Tillman, Trent (October 13, 2011). "Ubiquiti Networks IPO Priced To Work At $15?". Seeking Alpha. Retrieved December 22, 2012.
  7. ^ "Annual report for fiscal year ended June 30, 2012". Form 10-K. US Securities and Exchange Commission. September 21, 2012. Retrieved October 16, 2013.
  8. ^ "World Record 304km Wi-Fi connection". newatlas.com. August 27, 2007. Retrieved December 22, 2012.
  9. ^ "Hands-on: Ubiquiti's Amplifi covers the whole house in a Wi-Fi mesh". Ars Technica. July 20, 2016. Retrieved December 1, 2016.
  10. ^ "Ubiquiti: UISP Is The New UNMS". McCann Tech. December 29, 2020. Retrieved January 24, 2021.
  11. ^ "Re: AirOS and Security: DUMP of configuration files with TFTP or other thing". community.ui.com. July 16, 2014. Retrieved May 9, 2017.
  12. ^ a b "GPL archive missing components". community.ubnt.com. March 2, 2013. Archived from the original on December 9, 2016. Retrieved May 9, 2017.
  13. ^ a b Riley Baird (April 7, 2015). "How Ubiquiti Networks Is Creatively Violating the GPL". LibertyBSD. Archived from the original on April 30, 2017. Retrieved April 30, 2017.
  14. ^ a b Riley Baird (May 24, 2017). "N/A". LibertyBSD. Archived from the original on May 24, 2017. Retrieved December 12, 2017.
  15. ^ "Crooks Use Hacked Routers to Aid Cyberheists". Krebs on Security. June 29, 2015.
  16. ^ "Ubiquiti says customer data may have been accessed in data breach". TechCrunch. January 11, 2021. Retrieved January 19, 2021.
  17. ^ Whistleblower: Ubiquiti Breach "Catastrophic", Krebs On Security, March 30, 2021
  18. ^ "Update to January 2021 Account Notification". Ubiquiti, Inc. March 31, 2021. Retrieved June 8, 2021.
  19. ^ "Former Employee Of Technology Company Charged With Stealing Confidential Data And Extorting Company For Ransom While Posing As Anonymous Attacker". www.justice.gov. December 1, 2021. Retrieved December 3, 2021.
  20. ^ Clark, Mitchell (December 1, 2021). "Ubiquiti hack may have been an inside job, federal charges suggest". The Verge. Retrieved December 3, 2021.
  21. ^ "Docket for UBIQUITI INC. v. KREBS, 1:22-cv-00352 - CourtListener.com". CourtListener. Retrieved March 30, 2022.
  22. ^ "Ubiquiti Networks settles with OFAC for alleged violations of Iran sanctions", Debevoise & Plimpton LLP, March 7, 2014.
  23. ^ Denver Gingerich (October 2, 2019). "When companies use the GPL against each other, our community loses". SFconservancy. Retrieved December 21, 2020.
  24. ^ "Fraudsters duped this company into handing over $40 million". Fortune.com. August 10, 2015. Retrieved October 19, 2015.
[edit]