Monday, August 10, 23:23

Hackers exploit security vulnerabilities in teleconferencing devices

Security vulnerabilities in some videoconferencing products could allow a hacker to gain remote control of the equipment and use it as a snooping tool.

The remote OS command injection vulnerabilities affect four Lifesize enterprise collaboration products (Lifesize Team, Lifesize Room, Lifesize Passport and Lifesize Networker) and were disclosed by researchers from Trustwave.

Exploiting the vulnerability requires intruders to gain access to the Lifesize firmware, which in turn requires them to know the serial number of the device.

According to the researchers, once this is achieved, gaining control of the device is a "toy" exercise using some software tools and information from the Lifesize support page, which may give them unauthorized access to the device. The devices also come with a default support account and a default password, which many users will not have changed, giving attackers significant help.

The initial vulnerability is due to what the researchers describe as a programming error, which allows user input to pass without being restricted by protective functions. By combining this with a privilege escalation error, it is possible to execute system commands, giving attackers a foothold in the network where the Lifesize product sits.

The combination of privilege escalation and command injection can lead to full control of the device.

“With it you have access to everything. Any video or audio stored on this machine can be easily acquired,” said Ed Williams, director of Trustwave's SpiderLabs research division.

“This machine can be used as a starting point to attack other machines. If one can access audio equipment over the Internet, one can access the underlying operating system through this vulnerability.”

The nature of the attack is such that it would be difficult to tell if a device has been tampered with.

Lifesize told ZDNet that it will issue a patch for the affected products.

“We proactively address the vulnerability and automatically protect all Icon 220 Series systems that are connected to the Lifesize Cloud. For devices not connected to the cloud, customers will need to utilize the hotfix. We will work with each client to resolve the issue as quickly as possible,” said Bobby Beckmann, Head of Technology at Lifesize.

To protect against attacks, Trustwave has urged users to change their devices' default passwords. Users are also advised to know which devices are on their network and whether these devices are up to date.

Trustwave has published a complete technical analysis of the vulnerability on the company's blog.

Absent Mia