Root access
To everything and the kitchen sink? Blimey.
Wi-Fi kit-slinger Ubiquiti has suggested the attacker that accessed some of its cloud-hosted systems in January 2021 may have made off with source code and employee logins, not the customer data it initially warned could be in peril. News that Ubiquiti’s cloud servers had been breached emerged on January 11, 2021, when the …
I believe that apparently you can house some of the config stuff on something like a Pi instead of cloud, but to be honest why should you even have to do that? I did briefly look at Ubiquiti kit for home, but the faff with the config stuff and the need for PoE just made it a bit OTT and PROsumer for my needs.
From what I've seen the kit is OK and performs well, but the dependencies are another matter...
> From what I've seen the kit is OK and performs well
...for a couple of years. They *love* obsoleting older hardware and removing support for it from the software.
They'll also happily upgrade your controller to a version that doesn't support all your antennas without warning you about that.
They also make it really hard to tell precisely what hardware is supported by which release. I just built a box to run a bunch of these antennas and we had to try 4 different versions before we got everything working. And by "working", I mean "mostly working".
And to top all this off, the support drones they hire are inadequately trained and know nothing. My customer had to contact their support, who simply advised him to upgrade to the latest version. Following this "advice" would have rendered my customer's entire network unusable until he climbed up a bunch of ladders all over town manually pressing reset pins on all his antennas. Something which would take probably a day or two to do. Luckily, my customer wasn't an idiot and told them exactly how terrible that advice is. I shudder to think of the people managing antennas hundreds or thousands of km from their location being told to do this.
I wouldn't buy their kit and I wouldn't trust their support people to write their own names
The self-hosted controller option does not require a cloud login, all you need is a Raspberry Pi. I've explicitly avoided anything from UBNT that requires their cloud login, and all their products that I have are on a VLAN that has no outside access (and the router isn't made by them)
You manage UniFi devices together as a site rather than as individual devices. If you have EdgeRouter/EdgeSwitch devices they're individually managed, but the UniFi stuff makes it easier. For example, if you create a VLAN it shows up on all relevant switches and APs automatically rather than having to mess with each device individually.
For logging or inspecting your network. I have it running and it is nice... you can also set up guest networks and whatnot, with or without passwords, and many other things. Control routers and switches, firewalls, VPN of your own system... or including that of your parents and more...
Just the 'normal' UniFi devices can also be configured without the extra cloud key from your phone, no extra software required, but I don't think that is recommended. Get UniFi only if you are willing to run some cables from your switch to your devices in your house for optimal performance. I have it running for months and months on end and it just works, from IoT devices to iPads, Apple TV radios and it just runs....
Non-techies that want to use Ubiquiti should buy AmpliFi instead of UniFi; that is standalone, but still will use mesh technology.
As others have said, the controller s/w manages the entire site, push wifi details, VLAN configs, etc to all devices as needed.
The thing is the controller only needs to run when you're pushing a config change. The controller s/w can be run on your laptop/PC as needed, then shut down. You lose a bit of stats gathering and monitoring, but otherwise you can run for months without the controller s/w running.
The controller s/w also doesn't need a dedicated system. If you have a PC or server running anyway, you can most likely install it on there.
Apropos the security breach, I sure hope it wakes them up a bit as there has been a bit of a question-mark over their focus on security lately. And insisting on a cloud login for some of their newer products is definitely a bad move IMO. I for sure will never buy into that range of product.
Not a sponsor - just use their gear sometimes.
It's not like the kit needs the mothership, but it doesn't make it easy to avoid the mothership.
I upgraded my home with a gateway, wifi and switch - and it threw me as I was used to configuring devices separately - Ubiquiti kit was the first that 'preferred' to be configured as a collective.
From a management pov, it makes it simple and actually v.good.
They do have a cloud key service, but personally thought it was a joke to pay £80+ for a simple bit of software...so I put it on my Raspberry Pi and it runs quite happily.
I run a pretty large fleet of these things via a self hosted VM running Ubuntu etc. There is no need for cloud access and I have never configured that.
The reason you have a Unifi Controller is it saves each AP needing its own web server. Each one is just a very simple Linux box with some cheekied up wifi. They get pointed at the controller and get given a key for secure comms over TLS. They download their site config and set themselves up. You get status info and all sorts of stats and can do oneish click firmware updates with it. Also the captive portal uses the central controller to do the heavy lifting - token management and poncy graphics etc. Once your sites are set up you set up the VLANs on the switch port, plug in the device and walk away. If you use their switches, that happens out of the box.
There have been some exciting times in the past with some of the firmware but you can back rev to older versions if your *cough* test systems find problems. Or you can whine and whinge on the forums and stamp your feet 8)
One of the annoyances with Ubiquiti is that (in some cases) the cloud requirement has been imposed after the fact.
Case in point: I set up a network for a non-profit that included a Cloud Key Gen 2 as a local controller, with remote cloud access (per their request). No cloud required to set up the network, make changes, etc. When they updated the CK firmware, the update deleted the local CK login account; now the only way to log in locally is with the cloud account. This caused quite a bit of confusion, and it took me a while to figure out what had happened.
Point is, in our modern Utopia shit can become cloud-only after purchase.
They make great products. But there is no good reason to require all the phone-homeing that happens. I had to remove their management software and appliances from my networks because I did not want to waste metered connection b/w on their spyware and couldn't use them at all on non-internet connected networks... I mean, who knew that every computing device doesn't have an always-on internet connection without limits?
I can't see anything in the thread that says that Ubiquiti promised to remove house ads it added to the web-based user interface of its UniFi gear. They said they would make them easier to dismiss, but not remove them totally. As a unifi user I am seriously considering moving away after the last 18 months or so of bad firmware, ads, etc, etc
> As a unifi user I am seriously considering moving away after the last 18 months or so of bad firmware, ads, etc, etc
The bit that would do it for me, really, is the allegations that they actively tried to cover up the extent of this breach and left customers exposed in the meantime.
That's absolutely unforgivable and more than enough to kick them onto my "never buy" list.
All vendors are going to have bugs/breaches at times, but you need to be able to trust that they will act to mitigate the outcome, rather than trying to protect their share-price and leaving you (unknowingly) with your pants down.
When I first heard of Ubiquiti their products sounded great and I know a lot of my fellow IT pros use them at work & home. Personally I was put off by the cloud management and the subscription.
Over the last 2 or 3 years I've heard nothing good about Ubiquiti. Between removing features, increasing costs, adverts in the management interface (wtf!) and now this hack that they are trying to hide I'm glad I never bought anything from them myself. They are now formally on my "do not buy" list.
Was looking at Ubiquiti for when I can afford to upgrade my internet; but those who live by GPL violations need to die.
Will probably go for a Czech [ eg neither American nor Chinese ] Turris Omnia which has OpenWRT built in.
Though one has to add a modem.
When someone has broken through your security (I'm not going to keep saying "hacked") then you have to assume that everything may have been accessed, not just the couple of items that you eventually noticed after a while.
What does "accessed" mean, just one thing or everything? The only people who are certain are the ones who broke in.