Time to wake up to what Ubiquiti really is

Morgan Stanley dropped coverage on Ubiquiti.

One of many commentaries (a bit explicit on the language, fair warning):

https://citronresearch.com/citron-exposes-ubiquiti-networks/

Read about that earlier.

Adam says the attacker(s) […] gained root administrator access to all Ubiquiti AWS accounts, including all S3 data buckets, all application logs, all databases, all user database credentials, and secrets required to forge single sign-on (SSO) cookies […] The attackers also provided proof they’d stolen Ubiquiti’s source code

Nice… If true, then that’s pretty much the worst possible case scenario right there.

It’s bad enough that it happened, but it shows how little regard they have for their customers if they try to keep it secret and somebody has to risk his job to report it.

I wouldn’t jump to conclusions right away. For all we know, ‘Adam’ may be a disgruntled employee.

But yes, if this turns out to be true, then they have been acting in a very reckless and irresponsible way. And it will have legal consequences.

Or you know, something like this:

Synopsys develops software applications for the semiconductor industry. It is the leading company by sales in the Electronic Design Automation industry. Ubiquiti met with Synopsys to license Synopsys software, all the while Ubiquiti was counterfeiting licenses and using hacker websites to circumvent payment.

This was perpetrated by senior management, especially Ching-Han Tsai.

According to the lawsuit:

“Ubiquiti and its Hong Kong unit, Ubiquiti International Ltd., have used counterfeit keys at least 39,000 times with 15 different usernames, circumventing Synopsys’ license key access control system, according to the suit. Tsai personally used a counterfeit key to work around the paid system at least 66 times, Synopsys said.”

The Synopsys lawsuit gives us insight into corporate ethics from the top down.

That guy continues to be a fugitive from international law, I believe.

Laughably inflated user community:

The whole thing is very disappointing. Like many here I love my Ubiquiti gear, but have no time for the reported corporate ethics.

Damn.

It sucks a lot. They have misled a lot of people in a large number of ways for quite some time now, and this is not the first time that they’ve been completely owned because they were not careful about what they were doing.

I have been very happy with my USG and ac-lr access point.

The recent news is very disappointing as is the fact that newer hardware requires cloud accounts. Makes me reconsider any future purchases.

Any suggestions on alternative hardware that matches the UniFi reliability and ease of use?

Many of these problems have been brought up for at least the past 2 yrs:

inflated user community
weird potentially fake financials
questions about fake employees (was one I believe)

and the bad corporate practice and poor systems practices were always a thing dismissed by many since there were no really desirable alternatives.

I never trusted the CLOUD KEY as I worried they would be sloppy and even if not… that’s a nice target for hackers, and they always find a way for a juicy target. I also killed WAN access to UniFi on the local network after the “change password” notice.

This should really be no surprise for anyone looking over past years.
My question is what will be the path forward, assuming the company remains after folks start going to jail?
Open source the software and hardware side purchase by company (hopefully not Google)

What about customers?
There’s people running backdoored Netgear, so my worst case is throw a firewall appliance in front of the USG and run that, BUT what if I decide to replace? What is the alternative product?

2020 was a bad year for health
2021 is turning into a bad year for IT (SolarWinds, Ubiquiti)

Absolutely true.
Yet it never gets discussed, and usually trying to bring it up in whatever forum or Reddit results in a lot of people getting angry. Thankfully that’s not happening here.

Peplink Balance 20X is nice for a general all-around unit.

Cloud management service included for a year is completely optional. iPhone and Android apps.
Networks are actually set up a lot faster than Ubiquiti products with their native GUI option (CLI is still avail).

There’s also DrayTek.

This gentleman has some thoughts on Peplink and Draytek, if you’re interested:
https://routersecurity.org/

Ruckus Unleashed line was Arris, now CommScope. Solid commercial-level software that has everything that Ubiquiti offered as far as networking, i.e. no cameras, doorbells, etc.

https://www.commscope.com/globalassets/digizuite/61796-ds-unleashed-portfolio.pdf

Is Ruckus pricing similar to Ubiquiti?
Separate licenses required?

What about MikroTik?

Unfortunately when it comes to Ruckus, one of their so-called Alliance Partners is expresswifi by Facebook. Which makes it a no-go for me 🤑

Partner in the sense that they provide network equipment along with dozens of other companies. Some of their main competitors, Cisco for one, are also partners. I can’t stand Facebook but I’m not going to fault a company for providing them with hardware. AFAIK it’s not embedded in their products.

It doesn’t really matter anyway after looking for when the license requirement kicks in, 50 APs, Unleashed is only L2. So back to square one again. At least this post came up, I was about to place an order.

Off of the top of my head, Ruckus has been bought and sold 3 times in a relatively short amount of time, and I have read security experts expressed concern about that as well as some other points raised here.

How about DrayTek (as @carver already pointed out)? Although I have not dived deeper into their products yet, their portfolio looks quite impressive. Besides, I have read a lot of comments about their products on some German platforms/forums which sound quite positive.

I did take a quick look at them. They don’t seem to have much presence in the US. Specifically I can’t find any of their Wi-Fi 6 hardware available for sale here apart from eBay.