FAKE Ubiquiti Utility(ies) with MALWARE! And Network Scanning Query...
ALL,
In case you missed it, Please be aware of evident INFOSEC vulnerability in certain apps distributed by dubious sources.
Clues at following URL::
https://community.ubnt.com/t5/Ubiquiti-Announcements-and-News/Fake-Ubiqu...
P.S.- Does anybody have a reliable answer to this related question::
In the interests of both security, and especially network diagnostics, can any of the Ubiquiti (or other?) utilities scan for and/or detect any AREDN nodes? On either WiFi and/or LAN sides? Perhaps even via MAC searches, et al?? Clues appreciated!
Let's all be MESH Safe and INFO Secure out there!!
And Thanks All for excellent AREDN efforts and evolutions!
Gene :)
Gene Harrison
N3EV
I’m not aware of any tool that specifically looks for AREDN Devices. The Ubiquiti tools look for a specific response from a AirOs as such AREDN devices do not show up in it.
That then brings you to the generic network scanning tools like NMAP which will if run very easily be able to see the hardware. It will have to scan the ports but 8080 is a common port and will show up as open. I’m not aware of any network scanner that currently detects AREDN specifically but it would be trivial to write a plugin for NMAP to do so.
The WIFI side is blatantly even easier to see the hardware, it broadcasts a packet on a default schedule of 2hz (it can delay if need be for traffic reasons but assume 2x a second). This alone makes the hardware show up in a wireless scan. HAM Only RF channels may not show up in some scanners but one should assume they will. After that a simple profiling of the traffic would tell you a lot, if you cataloged a lot of the generated packets you could make a reasonable guess that it’s AREDN or some device running compatible firmware. Once you see the device you could always directly interrogate it or just wait dor
Someone else to visit it’s mesh status screen and observe the AREDN phrase in the dataset.
Some AREDN nodes use to show up in Google before we put a change in to tell search engines not to index them. I never recommend directly exposing a mesh nodes UI to the internet but some did anyways.
Btw all the above applies to really any device out there that one wants to specifically target. A number of infections have for example targeted specific models of IP cameras, once you know what your looking for it’s very easy to write a program that seeks out those devices, the toughest part is usually getting access, this is why I am so insistent when I see a flaw or vulnerability it not be ignored when AREDN Code is being written. I’ve been yelled at a time or two for constantly rejected code because it continually had faults but I know how easy it is to take one hole in the armor and make it massive.
Ultimately AREDN will some day probably have specific threats written for it, much like the viruses that targeted Iran’s centrifuges AREDN will if it becomes wide enough known just like some of the recent 911 call centers become a target. Devices connected to AREDN should treat it as hostile as the internet, run with the firewall enabled on the pc and run AV, not because any Ham will particularly target you more because just like the Internet AREDN can spread an infection from PC to PC and again some day one of those will also probably target AREDN nodes in particular as well making it a double whammy.