Ubiquiti Inc. (formerly Ubiquiti Networks, Inc.) is an American technology company founded in

San Jose, California San Jose, officially San José (; ; ), is a major city in the U.S. state of California that is the cultural, financial, and political center of Silicon Valley and largest city in Northern California by both population and area. With a 2020 popu ...

, in 2003. Now based in

New York City New York, often called New York City or NYC, is the List of United States cities by population, most populous city in the United States. With a 2020 population of 8,804,190 distributed over , New York City is also the L ...

, Ubiquiti manufactures and sells

wireless data communication Wireless communication (or just wireless, when the context allows) is the transfer of information between two or more points without the use of an electrical conductor, optical fiber or other continuous guided medium for the transfer. The most ...

and wired products for enterprises and homes under multiple brand names. On October 13, 2011, Ubiquiti had its

initial public offering An initial public offering (IPO) or stock launch is a public offering in which shares of a company are sold to institutional investors and usually also to retail (individual) investors. An IPO is typically underwritten by one or more investment ...

(IPO) at 7.04 million shares, at $15 per share, raising $30.5 million.

Products

Ubiquiti's first product line was its "Super Range"

mini-PCI Peripheral Component Interconnect (PCI) is a local computer bus for attaching hardware devices in a computer and is part of the PCI Local Bus standard. The PCI bus supports the functions found on a processor bus but in a standardized format t ...

radio card series, which was followed by other wireless products. The company's Xtreme Range (XR) cards operated on non-standard

IEEE 802.11 IEEE 802.11 is part of the IEEE 802 set of local area network (LAN) technical standards, and specifies the set of media access control (MAC) and physical layer (PHY) protocols for implementing wireless local area network (WLAN) computer commun ...

bands, which reduced the impact of congestion in the 2.4 GHz and 5.8 GHz bands. In August 2007 a group of Italian amateur radio operators set a distance world record for point-to-point links in the 5.8 GHz spectrum. Using two XR5 cards and a pair of 35 dBi dish antennas, the Italian team was able to establish a 304 km (about 188 mi) link at data rates between 4 and 5 Mbit/s. The company (under its "Ubiquiti Labs" brand) also manufactures a home-oriented

wireless mesh network A wireless mesh network (WMN) is a communications network made up of radio nodes organized in a mesh topology. It can also be a form of wireless ad hoc network.Chai Keong Toh Ad Hoc Mobile Wireless Networks, Prentice Hall Publishers, 2002. A m ...

router and access point combination device, as a consumer-level product called AmpliFi.

Brands

Ubiquiti product lines include UniFi, AmpliFi, EdgeMax, UISP, airMAX, airFiber, GigaBeam, and UFiber. The most common product line is UniFi which is focused on home, prosumer, business wired and wireless networking. EdgeMax is a product line dedicated to wired networking, containing only routers and switches. UISP, announced in 2020, is a range of products for internet service providers. airMAX is a product line dedicated to creating point-to-point (PtP) and point-to-multi-point (PtMP) links between networks. airFiber and UFiber are used by Wireless Internet Service Providers (WISP), and Internet Service Providers (ISP) respectively.

Software products

UniFi controller is a software package that can either run on special hardware (UniFi Cloudkeys, UniFi Dream Machine) or can be installed on Linux, Mac, or Windows. The controller manages all connected devices (access points, routers, switches, cameras, locks) and provides a single point for configuration and administration. WiFiman.com is an internet speed test tool that is integrated into most Ubiquiti products. It has mobile apps and a web version.

Security issues

U-Boot configuration extraction

In 2013, a security issue was discovered in the version of the

U-Boot U-boats were naval submarines operated by Germany, particularly in the First and Second World Wars. Although at times they were efficient fleet weapons against enemy naval warships, they were most effectively used in an economic warfare role ...

boot loader A bootloader, also spelled as boot loader or called boot manager and bootstrap loader, is a computer program that is responsible for booting a computer. When a computer is turned off, its softwareincluding operating systems, application code, a ...

shipped on Ubiquiti's devices. It was possible to extract the

plaintext In cryptography, plaintext usually means unencrypted information pending input into cryptographic algorithms, usually encryption algorithms. This usually refers to data that is transmitted or stored unencrypted. Overview With the advent of comp ...

configuration from the device without leaving a trace using

Trivial File Transfer Protocol Trivial File Transfer Protocol (TFTP) is a simple lockstep File Transfer Protocol which allows a client to get a file from or put a file onto a remote host. One of its primary uses is in the early stages of nodes booting from a local area network. ...

(TFTP) and an

Ethernet Ethernet () is a family of wired computer networking technologies commonly used in local area networks (LAN), metropolitan area networks (MAN) and wide area networks (WAN). It was commercially introduced in 1980 and first standardized in 198 ...

cable, revealing information such as passwords. While this issue is fixed in current versions of Ubiquiti hardware, despite many requests and acknowledging that they are using this GPL-protected application, Ubiquiti refused to provide the

source code In computing, source code, or simply code, is any collection of code, with or without comments, written using a human-readable programming language, usually as plain text. The source code of a program is specially designed to facilitate the wo ...

for the

GNU General Public License The GNU General Public License (GNU GPL or simply GPL) is a series of widely used free software licenses that guarantee end users the Four Freedoms (Free software), four freedoms to run, study, share, and modify the software. The license was th ...

(GPL)-licensed U-Boot. This made it impractical for Ubiquiti's customers to fix the issue. The GPL-licensed code was released eventually.

Upatre Trojan

It was reported by online reporter

Brian Krebs Brian Krebs (born 1972) is an American journalist and investigative reporter. He is best known for his coverage of profit-seeking cybercriminals.Perlroth, Nicole.Reporting From the Web's Underbelly. ''The New York Times''. Retrieved February 28, ...

, on June 15, 2015, that "Recently, researchers at the Fujitsu Security Operations Center in Warrington, UK began tracking heUpatre

rojan software Rojan may refer to: * Rojan, Iran, a village in Kerman Province * Rojan (musician), Iranian Classical musician (Kurdish and Persian Traditional Music) * A pen name often used by Feodor Stepanovich Rojankovsky, an illustrator of children's books an ...

being served from hundreds of compromised home routers – particularly routers powered by

MikroTik MikroTik (officially SIA "Mikrotīkls") is a Latvian network equipment manufacturer. The company develops and sells wired and wireless network routers, network switches, access points, as well as operating systems and auxiliary software. The com ...

and Ubiquiti's airOS". Bryan Campbell of the Fujitsu Security Operations Center in Warrington, UK was reported as saying: "We have seen literally hundreds of wireless access points, and routers connected in relation to this botnet, usually AirOS ... The consistency in which the botnet is communicating with compromised routers in relation to both distribution and communication leads us to believe known vulnerabilities are being exploited in the firmware which allows this to occur."

2021 alleged cloud data breach

In January 2021, a potential data breach of cloud accounts was reported, with customer credentials having potentially been exposed to an unauthorised third party. In March 2021 security blogger

reported that a whistleblower disclosed that Ubiquiti's January statement downplayed the extent of the data breach in an effort to protect the company's stock price. Furthermore, the whistleblower claimed that the company's response to the breach put the security of its customers at risk. Ubiquiti responded to Krebs's reporting in a blog post, stating that the attacker "never claimed to have accessed any customer information" and "unsuccessfully attempted to extort the company by threatening to release stolen source code and specific IT credentials." Ubiquiti further wrote that they "believe that customer data was not the target of, or otherwise accessed in connection with, the incident." On December 1, 2021, the

United States Attorney for the Southern District of New York The United States Attorney for the Southern District of New York is the chief federal law enforcement officer in eight New York counties: New York (Manhattan), Bronx, Westchester, Putnam, Rockland, Orange, Dutchess and Sullivan. Establishe ...

charged a former high-level employee of Ubiquiti for data theft and wire fraud, alleging that the "data breach" was in fact an inside job aimed at extorting the company for millions of dollars. The indictment also claimed that the employee caused further damage "by causing the publication of misleading news articles about the company’s handling of the breach that he perpetrated, which were followed by a significant drop in the company’s share price associated with the loss of billions of dollars in its market capitalization." ''

The Verge ''The Verge'' is an American technology news website operated by Vox Media, publishing news, feature stories, guidebooks, product reviews, consumer electronics news, and podcasts. The website launched on November 1, 2011, and uses Vox Media' ...

'' reported that the indictment shed new light on the supposed breach and appeared to back up Ubiquiti's statement that no customer data was compromised.

Brian Krebs Lawsuit

In March 2022, Ubiquiti filed a lawsuit against security researcher

, alleging defamation for his reporting on their security issues. Both parties resolved their dispute outside the court in September 2022.

Legal difficulties

United States sanctions against Iran

In March 2014, Ubiquiti agreed to pay $504,225 to the

Office of Foreign Assets Control The Office of Foreign Assets Control (OFAC) is a financial intelligence and enforcement agency of the U.S. Treasury Department. It administers and enforces economic and trade sanctions in support of U.S. national security and foreign policy ob ...

after it allegedly violated

U.S. sanctions against Iran The United States has since 1979 applied various economic, trade, scientific and military sanctions against Iran. United States economic sanctions are administered by the Office of Foreign Assets Control (OFAC), an agency of the United States De ...

Open-source licensing compliance

In 2015, Ubiquiti was accused of violating the terms of the

GPL The GNU General Public License (GNU GPL or simply GPL) is a series of widely used free software licenses that guarantee end users the four freedoms to run, study, share, and modify the software. The license was the first copyleft for general u ...

license for open-source code used in their products. The original source of the complaint updated their website on May 24, 2017, when the issue was resolved. In 2019, Ubiquiti was reported as again being in violation of the

Other

In 2015, Ubiquiti revealed that it lost $46.7 million when its finance department was tricked into sending money to someone posing as an employee.

References

External links

* {{Official website Companies based in San Jose, California Companies established in 2005 Companies listed on the Nasdaq Networking companies of the United States Networking hardware companies