Data Centre

Networks

Sure, we made your Wi-Fi routers phone home with telemetry, says Ubiquiti. What of it?

You didn't ask for it, we didn't tell you about it, but hey, it clears GDPR so what you gonna do?

By Shaun Nichols in San Francisco

134 SHARE

Ubiquiti Networks is fending off customer complaints after emitting a firmware update that caused its UniFi wireless routers to quietly phone HQ with telemetry.

It all kicked off when the US-based manufacturer confirmed that a software update released this month programmed the devices to establish secure connections back to Ubiquiti servers and report information on Wi-Fi router performance and crashes.

Ubiquiti told customers all of the information is being handled securely, and has been cleared to comply with GDPR, Europe's data privacy rules. Punters are upset they weren't warned of the change.

"We have started to gather crashes and other critical events strictly for the purpose of improving our products," the hardware maker said. "Any data collected is completely anonymized, GDPR compliant, transmitted using end-to-end encryption and encrypted at rest. The collection of this data does not and should not ever impact performance of devices."

In its current state, Ubiquiti's EdgeSwitch won't have much of an edge on anyone

READ MORE

The assurance was of little consolation to UniFi owners who bristled at the idea of any of their data being collected, particularly without any notification nor permission. In particular, enterprise customers were less than thrilled to learn diagnostic data was being exfiltrated off their network.

"Undisclosed backdooring of my network is completely unacceptable and will result in no longer recommending, using, or selling of Ubiquiti gear," remarked one netizen using the alias Private_.

"I realize that UBNT is too big to care about the few tens of $K per year that I generate for them, but I want to formally and clearly disclose my privacy policy/EULA, so that we understand each other. This is a stealth network intrusion and I don't/won't accept it."

Ubiquiti has offered an olive branch of sorts to its upset customers, as the biz said there are plans in place to release another firmware update that will allow customers to opt out of the data collection. No release date has been given, and Ubiquiti did not respond to a request for comment on the matter.

In the meantime, however, punters are going to have to deal with knowing that Ubiquiti will be slurping some of their data, and that is not going over particularly well. One mitigation is to use DNS or IP address filtering to block connections from the devices to Ubiquiti's servers, though this may interfere with the equipment's operation.

"Despite our good experiences with the hardware and our clients' satisfaction, this is absolutely a step too far," said user sillyrat. "We're through buying Ubiquiti products unless and until they go back to doing only what we set them up to do." ®

Thanks to Reg reader Kevin Campbell for the tip.

Sign up to our NewsletterGet IT in your inbox daily

134 Comments

Related

Crown Prince of Saudi Arabia accused of hacking Jeff Bezos' phone with malware-laden WhatsApp message

Updated Mid-East nation slams 'absurd' claim, UN report to emerge

Britain approved £2.5m of snooping kit exports to thoroughly snuggly regime in Saudi Arabia

Who was Jamal Khashoggi, anyway?

Who honestly has a crown prince in their threat model? UN report officially fingers Saudi royal as Bezos hacker

Rapporteurs call for investigation, technical security report leaks

Google Cloud chief joins Saudi shindig exodus over journalist's worrying disappearance

Jamal Khashoggi: Oil-rich state is blushing but Western leaders aren't saying much

Ex-Twitter staff charged with spying for Saudi royals: Duo accused of leaking account records, including those of critics

One cuffed by Feds this week

Robot granted Saudi citizenship has more rights than Saudi women

Creepy Sophia strikes again

Poor, poor mobile networks. UK's comms watchdog plans to stop 'em selling locked-down handsets

First OTT apps nick their SMS revenue, now this...

'Big three' 5G kit maker Nokia downgrades profits as returns from next-gen networks fail to show up

Soz shareholders, no dividend for you

More money than sense? Saudi Arabia invests $400m in Magic Leap

Analysis Saudi Arabia shows more optimism for AR tech than… well, everyone else

Google's OpenSK lets you BYOSK – burn your own security key

Now there's no excuse

Whitepapers

Reduce Redis Enterprise Deployment Cost, Complexity with Intel® Optane™ DC Persistent Memory

Intel and Redis Labs have prepared this kit to help you reduce Redis Enterprise deployments cost and complexity with 2nd Generation Intel® Xeon® Scalable processors and Intel® Optane™ DC persistent memory.

How to Build Your Digital Experience Portfolio

In this session, Michael Facemire, Forrester VP & Principal Analyst at Forrester will cover how a digital experience portfolio strategy can help IT teams deliver new experiences

Fine turn multi-cloud with containers and Intel Optane DC

Intel’s paper Making Multi-cloud Work discusses the seven considerations IT chiefs should address when optimising their multi-cloud environment and it comes with two companion reports

How to Fortify Your Organization’s Last Layer of Security – Your Employees

People impact security outcomes, much more often than any technology, policy or process.