I Bought a New Router. It Told Me I Was Hacked.
The Ubiquiti UniFi Dream Machine was unexpectedly worth the cost
Last week, I was at the end of my rope with my old router.
I bought the old clunker, a TP-Link Archer C7, in 2015. It was the Wirecutter pick at the time, which gave me license to tell my roommates that I was going to spend $100 on a router.
Now, one apartment later, I have two floors: a first floor and a basement level that acts as my bedroom. The old router’s antennae just couldn’t penetrate into the lower level. It basically meant no Wi-Fi downstairs, which mitigated screens before bed and made my Sanctuary of Slumber Arianna Huffington-approved.
But my smooth, mushy brain wanted to stare at the small, glowing rectangle.
I tried range extenders, learned that they didn’t relay the signal but just created a new network that confused my phone, and then gave up for a month or two. I set up my desktop downstairs with a MoCA adapter that runs internet through the coaxial cables in my apartment, fitting me with a gigabit LAN in my apartment but still no Wi-Fi downstairs.
For a few years, I’ve lurked on r/UniFi, a subreddit dedicated to home and enterprise networking hardware made by Ubiquiti. Their products have always been touted as reliable and extensible. They also have a beautiful user interface, and there are tons of features that I could poke and prod, like granular deep packet inspection and detailed logging.
Then, OneZero’s own Owen Williams wrote about his UniFi setup, and it sent me down the rabbit hole again. A few times. I’d find myself kitting out all the PoE network switches and access points I’d need while eating lunch or during a slow workday. It usually ended with me raising an eyebrow at the price tag and solemnly closing the tab.
Last week, after repeatedly trying and failing to send a photo over my phone’s iMessage from my desk downstairs, I gave up. Cost be damned, I ordered a $329 Ubiquiti Dream Machine from a Microcenter down the street.
The Dream Machine is a little all-in-one machine that can act as the brain, network switch, and central wireless router for your Ubiquiti setup. It also has features that I didn’t know would come in handy, like an Intrusion Prevention System. I figured that I could use it as a solo router until I could measure Wi-Fi throughput around my apartment and find the best place to tack on any additional access points that I needed downstairs.
Setup took minutes, and I started to tinker with settings. I flipped on the Intrusion Prevention System and endpoint scanning. The former would find potentially malicious traffic, and the latter would scan my devices on the network to make sure they were legit and not let them connect without proper permissions. I like this.
Then I checked my Wi-Fi downstairs. It worked without any additional access points. I was, and still am, over the moon for this little magic Wi-Fi capsule.
But the next day I was thumbing through my UniFi app on my phone, and tabbed over to the Intrusion Prevention System. I found more than 300 alerts. A piece of software was pinging its home server at a “.su” domain. When I looked at the logs, they were all coming from my NAS (network-attached storage). My NAS is a little box made by a company called QNAP that acted like a personal cloud storage server for my most sensitive files.
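The triage those alerts invite, as an added example that is not code from the post or from Ubiquiti: a small script that takes a batch of IPS-style alert lines, finds any internal host repeatedly calling out to a domain under a suspicious TLD such as “.su”, and estimates the call-home interval. The log format, hostnames, addresses and timestamps are all constructed for the example, not UniFi’s real export format.

```python
# Added example: triage IPS-style alerts for a host beaconing to a suspicious TLD.
# Log format and every value below are constructed; they are not UniFi's format.
from collections import Counter
from datetime import datetime
from statistics import median
import re

SUSPICIOUS_TLDS = {"su"}  # the TLD that tripped the author's IPS

# Constructed alert lines: ISO timestamp, source IP, destination host, signature tag.
SAMPLE_ALERTS = """\
2020-07-01T02:00:11 src=192.168.1.40 dst=update.example.su sig=suspicious-tld
2020-07-01T02:05:12 src=192.168.1.40 dst=update.example.su sig=suspicious-tld
2020-07-01T02:10:09 src=192.168.1.40 dst=update.example.su sig=suspicious-tld
2020-07-01T02:12:40 src=192.168.1.23 dst=www.example.com sig=policy-user-agent
2020-07-01T02:15:13 src=192.168.1.40 dst=update.example.su sig=suspicious-tld
2020-07-01T02:20:14 src=192.168.1.40 dst=update.example.su sig=suspicious-tld
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) sig=(?P<sig>.+)$")

def parse_alerts(text):
    """Parse the constructed format into dicts; lines that don't match are skipped."""
    alerts = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["ts"] = datetime.fromisoformat(rec["ts"])
        alerts.append(rec)
    return alerts

def tld(host):
    """Last DNS label of a hostname, lower-cased, ignoring a trailing dot."""
    return host.rstrip(".").rsplit(".", 1)[-1].lower()

def find_beaconing(alerts, min_hits=3, tlds=SUSPICIOUS_TLDS):
    """(src, dst) pairs under a suspicious TLD seen at least min_hits times."""
    counts = Counter((a["src"], a["dst"]) for a in alerts if tld(a["dst"]) in tlds)
    return {pair: n for pair, n in counts.items() if n >= min_hits}

def beacon_interval(alerts, src, dst):
    """Median seconds between successive alerts for one src/dst pair (None if < 2)."""
    times = sorted(a["ts"] for a in alerts if a["src"] == src and a["dst"] == dst)
    if len(times) < 2:
        return None
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    return median(gaps)

if __name__ == "__main__":
    alerts = parse_alerts(SAMPLE_ALERTS)
    for (src, dst), n in find_beaconing(alerts).items():
        print(f"{src} -> {dst}: {n} alerts, median gap {beacon_interval(alerts, src, dst)} s")
```

A steady interval from a single device, as here, is the pattern worth pulling that device off the network to investigate, rather than one stray lookup.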
After a quick Google of “QNAP malware,” I found that more than 60,000 NAS devices had been infected with malware called QSnatch, which ferreted an untold amount of data away from QNAP customers, could control my device, and took a lengthy, annoying process to patch. I opted to just unplug it.
I searched my email for a notice about this from QNAP. QSnatch was reported in October 2019 by Finnish authorities. The only emails I can find from QNAP, aside from marketing materials, were nonspecific prods from June 2020 to update my firmware for security upgrades.
I don’t know if my NAS is infected with QSnatch. It might be. It also was just as likely some other malware.
But seeing as how I used this NAS for a “safe” home base for my most personal files, I can’t see how I can trust my own device or the company anymore. Even if I’m overreacting and the “.su” domain was erroneously flagged as being associated with malware, the process led me to learn of a massive security breach of a company whose device I naively trusted.
(And anyway, the “.su” domain has seemingly been flagged as related to malware by other security vendors — I don’t think I’m overreacting.)
I’m moving all my files off my QNAP NAS, and I’ll probably end up moving to a managed cloud storage provider like Google Drive or iCloud for files I need to regularly access. For long-term mass storage, like photos, videos, and sensitive documents, I’ll probably put them on regular external hard drives that aren’t connected to the internet.
After all this, I’m starting to rethink the way that I look at data storage. It’s not critical I have access to all my data on a 24/7 basis, and I think I severely underestimated the danger of putting these rarely accessed personal files on a device connected to the internet. I’m fairly tech-savvy and set up my QNAP as securely as I could when I got it, so I figured I’d be fine. I was wrong.
A hard drive is 80% as convenient as my NAS, and 99% more secure. I still risk it getting physically stolen, but that was also a danger before.
The Dream Machine ironically ended up being a wake-up call for me. I don’t feel invincible now because I have this little capsule internet guardian. If anything, I feel more wary of where I put my data.
I urge you to do the same.