Thursday, April 9, 20:35

Hackers exploit security vulnerabilities in teleconferencing devices

Security vulnerabilities in some videoconferencing products could allow hackers to gain remote control of the equipment and use it as a snooping tool.

The remote OS command injection vulnerabilities affect four Lifesize enterprise collaboration products (Lifesize Team, Lifesize Room, Lifesize Passport and Lifesize Networker) and were disclosed by researchers from Trustwave.

Exploiting the vulnerability requires an intruder to gain access to the Lifesize firmware, which in turn requires knowing the serial number of the device.

According to the researchers, once this is achieved it is a "toy" task to gain control of the device using some software tools and information from the Lifesize support page, which may give attackers unauthorized access to the device. The devices also come with a default support account and a default password, which many users will not have changed, giving attackers significant help.

The initial vulnerability is due to what the researchers describe as a programming error that lets user input through without being restricted by protective functions. By combining this with a privilege escalation error, it is possible to execute system commands, giving attackers a foothold in the network where the Lifesize product resides.

The combination of privilege escalation and command injection can lead to full control of the device.

“With it you have access to everything. Any video or audio stored on this machine can be easily acquired,” said Ed Williams, director of Trustwave's SpiderLabs research division.

“This machine can be used as a starting point to attack other machines. If one can access audio equipment over the Internet, one can access the underlying operating system through this vulnerability.”

The nature of the attack is such that it would be difficult to tell if a device has been tampered with.

Lifesize told ZDNet that it would issue a patch for the affected products.

“We proactively address the vulnerability and automatically protect all Icon 220 Series systems that are connected to the Lifesize Cloud. For devices not connected to the cloud, customers will need to utilize the hotfix. We will work with each client to resolve the issue as quickly as possible,” said Bobby Beckmann, Head of Technology at Lifesize.

To protect against attacks, Trustwave has urged users to change their devices' default passwords. Users are also advised to know which devices are on their network and whether those devices have been updated.

Trustwave has published a complete technical analysis of the vulnerability on the company's blog.

Absent Mia