Geekly Articles each Day
📜 ⬆️ ⬇️

Four ways Ubiquiti Networks creatively violates the GPL



Another company was accused of violating the GPL free license, and this case is out of line.

Ubiquiti Networks manufactures long-range wireless equipment. These are very cool things, for example, allowing you to transmit a WiFi signal for 300 km . Unfortunately, behind the company there is a dark trail of securities frauds , violations of US sanctions , trademark and copyright lawsuits , and the use of software patents . All this is absolutely not happy.
')
Here are four ways in which Ubiquiti Networks successfully disguises the facts of violations of the GPL, so that they are difficult to notice, and even harder to counter them.

1. Visibility of compliance




The Ubiquiti website has a section from where you can download tar files supposedly containing GPL source codes for each firmware version. If you look at these files, they look complete , there are assembly instructions to make your own custom firmware.

Only if you look closely, you begin to notice problems, such as ...

2. Refusal to provide the source code of the modified bootloader, although security vulnerabilities have arisen due to their changes.




Up to the version of Ubiquiti airOS 5.5.4, a modified version of the u-boot bootloader contained a vulnerability - it was possible to extract the configuration file from the device in the open form without leaving any traces . And in this configuration file were unencrypted passwords WPA / WPA2 / RADIUS .

Worse than a security issue, Ubiquiti’s response to this problem. In particular, they are:


To this day, Ubiquiti has still not provided the u-boot source code.

3. Publishing the source of the Linux version, which is different from binary, in the hope that no one will notice the difference




It would be logical to assume that the binaries distributed by Ubiquiti are compiled from the sources distributed by Ubiquiti. As it turns out, in a large number of releases, the source code of the distributed kernel does not match the kernel in the official firmware .

As one of the evidence of the inconsistency, in the AirMax 5.5.4 firmware, the kernel was changed in such a way that the MTD partitions are open only for reading, but this change cannot be found in the corresponding kernel patches or source files .

This practice makes finding violations extremely difficult, and we cannot know for sure that they did not do something similar with any other files under the GPL. Perhaps this is just a mistake, but you need to remember that people complained about this problem - and received practically no answer.

Speaking of complaints ...

4. Delaying requests for GPL code for months, and then inexplicable silence


If you think that I am too cruel to Ubiquiti when I bring these questions up for public discussion, then keep in mind that I have been trying to contact Ubiquiti over the past year about the u-boot sources. My attempts to see here , here and here .

In fact, I even found the copyright owner of the u-boot to ask for the source code, but they never provided it.

From my conversations with Ubiquiti, I got the impression that they consider it normal to hide software code under the GPL, if "this is done to protect users." Moreover, my correspondence with them was endlessly interrupted due to delays allegedly related to the need to transfer the request to another unnamed department.

In the end, this department never sent an answer, in the hope that I would just forget or give up.

But if we want the GPL to retain its strength, we cannot afford it. If you have a minute, do one of the following, so that we can retain the power of the GPL for the common good.

Source: https://habr.com/ru/post/374881/

More articles:


All Articles