Hackers exploit security vulnerabilities in teleconferencing devices

Security vulnerabilities in some videoconferencing products could allow hackers to gain remote control of the equipment and use it as a snooping tool.

The remote OS command injection vulnerabilities affect four enterprise collaboration products from Lifesize (Lifesize Team, Lifesize Room, Lifesize Passport and Lifesize Networker) and were disclosed by researchers at Trustwave.

Exploiting the vulnerability requires attackers to gain access to the Lifesize firmware, which in turn requires them to know the serial number of the device.

According to the researchers, if this is achieved, then it is "playful" to gain control of the device with some software tools and information from the Lifesize support page, which can give them unlawful access to the device. Devices also connect to a default support account, which comes with a default password that many users will not have changed, giving attackers significant help.

The initial vulnerability is due to what researchers describe as a programming error, which allows user input to be entered without being restricted by protective functions. By combining this with a privilege escalation error, it is possible to execute system commands, giving attackers a foothold in the network the Lifesize product is on.

The combination of privilege escalation and command injection can lead to full control of the device.

"With this you have access to everything. Any video or sound stored on this machine can be acquired very easily," Ed Williams, director of Trustwave's SpiderLabs research division, told ZDNet.

"This machine can be used as a starting point to attack other machines. If someone can gain access to audio equipment over the Internet, they can access the underlying operating system through this vulnerability."

The nature of the attack is such that it would be difficult to tell if a device has been tampered with.

Lifesize told ZDNet it would issue a patch for the affected products.

"We are preemptively dealing with the vulnerability and automatically protect all Icon 220 series systems that are linked to Lifesize Cloud. For non-cloud devices, customers will need to take advantage of the hotfix. We will work with each customer to resolve the issue as quickly as possible," said Bobby Beckmann, chief technology officer at Lifesize.

To protect against attacks, Trustwave has urged users to change their devices' default passwords. Users are also advised to know which devices are on their network and whether those devices are up to date.

Trustwave has published a complete technical analysis of the vulnerability on the company's blog.


The author allows you to copy this text only if you credit the source (SecNews.gr) with a web address (live URL) of the article.