Unifi Protect showing notifications and devices of other users

[cataSucc]

Summary

 

A Reddit user, SandmaNn42, has reported being notified of a detection from Unifi protect camera that was not part of the users adopted cameras and in the notification showed a house that was not theirs. An additional user, turnerd10, in the comments reported opening the remote access page and seeing a UDM Pro that was not theirs. The Ubiquiti Reddit account has reached out to both users for more information.

 

Quotes

Quote

Recently, my wife received a notification from UniFi Protect, which included an image from a security camera. However, here's the twist - this camera doesn't belong to us.

... we have two security cameras set up through UniFi Protect, and they've been working flawlessly until now. But this notification was completely out of the blue and showed footage from an unfamiliar camera. What's even more strange is that when my wife opened the Protect app immediately after receiving the notification, only our two cameras were listed, as usual.

 

My thoughts

I would disable remote access to your Unifi consoles until this is address by Ubiquiti. Its scary to think that someone could have access to someone else's network at random.

 

Sources

https://www.reddit.com/r/Ubiquiti/comments/18hgpw1/security_problem/

 

[jagdtigger]

And this is why you keep your NVR only locally accessible, if you want remote access use a split vpn........

[Slottr]

- Moved to Networking - 

 

Our tech news sub forum requires the sources to be from a legitimate news source

[wanderingfool2]

On 12/13/2023 at 2:04 PM, Slottr said:

- Moved to Networking - 

 

Our tech news sub forum requires the sources to be from a legitimate news source

Does it get changed now that Unifi has verified what the Reddit user has said?

 

https://www.bleepingcomputer.com/news/security/ubiquiti-users-report-having-access-to-others-unifi-routers-cameras/

 

Because honestly moving it to networking has effectively torpedoed people seeing a pretty seriously issue...not to backseat mod as well, but multiple users all reporting the same issue at the same time doesn't count as a reputable source (when they are proving screen shots as well)

[OhioYJ]

I don't have any of Ubiquiti's security cameras, however it seems they are handling this pretty well, and being pretty open about it.

 

Bug Fix - Cloud Access Misconfiguration <--(Official Statement on their forums)

[Falcon1986]

5 hours ago, wanderingfool2 said:

Does it get changed now that Unifi has verified what the Reddit user has said?

Changes what? The alert is out. It's for Ubiquiti to address, not this forum.

 

5 hours ago, wanderingfool2 said:

Because honestly moving it to networking has effectively torpedoed people seeing a pretty seriously issue...not to backseat mod as well, but multiple users all reporting the same issue at the same time doesn't count as a reputable source (when they are proving screen shots as well)

I don't think anyone disagrees that this is a major issue. But, the LTT forum would be the last place to torpedo any Ubiquiti news, especially since other places with active monitors and more UniFi users that use Protect exist.

 

While I don't use Protect, I've noticed a couple of UniFi updates being pushed out over the last 3 days. Can't say that these updates are in response to the security concern; you can find that in the bugfix release notes.

[reptarded]

Wondering if anyone has a solution for a local only deployment?

I've essentially setup home assistant to handle notifications for me at this point, but it would be great to use the normal protect app...