Cybercriminals who have readily identified the exposed source of many Ubiquiti Network devices, have used this programming flaw to their advantage to execute DDoS attacks and malware distruibiution.
Many Ubiquiti Network devices in seem to have been hardcoded with identical cryptographic keys. The reuse of cryptographic keys makes it very easy for cybercriminals to hack multiple devices at once, in the event that they are aware of the firmware’s vulnerability.
This security bug has been easy to detected on Ubiquiti devices. Currently, around 1.7 million Ubiquiti devices have already been identifed. Most of the affected devices, located mainly in Brazil, Thailand and United States (see the chart below), are valuable targets for hackers. Not to mention the possibility to exploit the vulnerability in the firmaware to redirect DNS queries and infect web downloads.