| [20:11:15] | <mstenta[m]> | Anyone using Ubiquiti? https://krebsonsecurity.com/2021/03/whistleblower-ubiquiti-breach-catast... |
| [20:46:57] | <symbioquine[m]> | I saw that. Interestingly, the article says at least one backdoor was found (somewhere unspecified) and suggests clearing any device cloud login profiles then updating device firmwares, but doesn't describe how they know the previous/currently vended firmwares are safe from backdoors. It seems like that would be the ultimate way for the attackers to play this - assuming they got access to the firmware signing keys - |
| [20:46:57] | <symbioquine[m]> | publish a modified firmware which injects itself in any subsequently downloaded firmwares before applying them. Assuming there's no hardware checks to prevent that sort of thing, it seems like that could effectively brick the devices from a security perspective... |