Ubiquiti says it has seen two different versions of the worm and they both leverage the same vulnerability to infect the company’s products. The flaw in question was patched in July 2015 with the release of airOS 5.6.2. The vendor has now released version 5.6.5, which contains additional security improvements and removes the malware from devices. A separate worm removal tool has also been released by the vendor.Cesare Garlati, (left) chief security strategist for prplFoundation urges the following on securing IoT in the home where people can take a number of actions to improve security:
- Update the software of the device at least once per quarter. Vulnerabilities publicised has hackers scan these devices to take advantage of them.
- Don’t be afraid to purchase a new one if you suspect the vendor has not been taking security seriously.
- Make sure the admin console on your home router is password protected.
- This is separate to the password used to sign in to the wi-fi.
- Make sure you use the WPA2 protocol and protect it with a meaningful, strong password.
- Activate Media Access Control (MAC) filtering – set up your devices on your router using this unique ID so rogue devices cannot connect.
- Turn off wi-fi protected set-up (WPS) after initial set up as it is not required, nor it is robust or reliable.
- Do not open any ports on the router firewall – there is no reason for a household to be reached by the outside- regardless of vendor advice .
- Never enable the Universal Plug ‘n Play (UPnP) feature on a device – it opens a port which can enable malware and attackers to get in.
- Practice security by separation and take advantage of “guest network” feature on modern routers.
- Use this for people coming into your home and for all of your high risk devices.
- Make sure this network has a different password.
Ultimately, users need to understand that their homes are becoming mini-data centres without an administrator. They need to take more responsibility for the security in the connected home. Realise that it’s not just about the box, but all the ways that they are exposed through