Hacking ethics — Unsecuring Unifi?
By Aizuddin Danian
There is an interesting debate going on in the Unifi forums over at LowYat.net.
Basically, when TM rolled out their fiber optic internet broadband service called Unifi, they:
(a) used hardware that had known firmware security holes AND forced every Unifi customer to use said hardware and
(b) installed a “backdoor” into each Unifi-distributed router on the pretext that the backdoor will be used by Unifi remote technicians should the customer need help. The problem is that this back door can be used by ANYONE, and not just Unifi staff.
One of the LowYat.net forums members found both problems and posted an extensive guide about how users can fix the problems above themselves. However, by doing so, he has also brought visibility to the problem, and any customer who does not follow his advice is vulnerable to a blackhat hacker attack.
The same person also recently did a scan of the Unifi network, and at least 60% of the customers seem to be unaware of the weaknesses in the system or know about the vulnerabilities but have chosen not to, or are unable to do anything about it. For these people, numbering in the thousands of customers (including business customers!), the end result is the same: their networks are vulnerable to hackers and can be disabled, hacked, exploited, and invaded AT ANY TIME.
After reading the guide, and even someone like myself, who has zero knowledge about Linux or hacking should be able to get into an unsecured Unifi router with little more than a single click of a button.
