Tuesday, January 19, 20:49

Critical vulnerabilities have been identified in the IoT devices of Telestar Digital GmbH

Critical vulnerabilities have been discovered in Internet of Things (IoT) radio devices from Telestar Digital GmbH that allow attackers to take over the systems remotely.


On Monday, researcher Benjamin Kunz disclosed the company's findings, which are tracked as CVE-2019-13473 and CVE-2019-13474.

A few weeks ago, the company found an anomaly on a private server connected to web radio terminals belonging to Telestar devices, alongside an undocumented telnet server. These radios come from the company's Imperial & Dabman Series I and D product line, which includes portable radios and DAB stereos. These products are sold throughout Europe, connect over Bluetooth and the Internet, and are based on BusyBox Linux Debian.

An investigation into the radios revealed an unsupported Telnet service on port 23, and because port forwarding was active, the service could be reached externally. The following video shows how a port scan, the nmap tool, and ncrack could be used to infiltrate the system.

The team was able to connect to the radio in just 10 minutes because of its weak password security, which gave them root access with full privileges.

“We tested some of them for the test folders, we created files and modified paths to see what we could change in the application,” says Kunz. “Finally, we were able to edit and access everything in the box and were able to completely undermine the Telestar Digital GmbH radio frequency device.”

Possible attacks included changing device names, forcing playback of a stream, storing audio files as messages, and transmitting audio as commands both locally and remotely.

On Facebook, the security researcher said that more than a million devices may be at risk.


While hacking an IoT radio may not seem like a big security issue, the disclosure highlights a problem that affects us all: the compromise of IoT devices to build larger threats. For example, variants of the Mirai botnet specialize in hijacking open or weakly secured IoT devices (such as those using default credentials) to launch powerful distributed denial-of-service (DDoS) attacks. It is also possible to exploit these vulnerabilities to spread malware.

The telnetd service has been changed and the use of the weak password has been revised. Automatic updates over Wi-Fi are now available and can be applied by resetting affected devices to factory settings and accepting the download of the latest firmware version.
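To confirm on a device you own that the Telnet service on port 23 no longer answers after the firmware update, a check like the following can be used. It is an added example, not code from the researchers or from Telestar; the function names are assumptions made for illustration, and the check only connects and reads the server's greeting without sending anything.

```python
import socket
import sys

IAC = 0xFF  # telnet "Interpret As Command" byte (RFC 854)
VERBS = {0xFB: "WILL", 0xFC: "WONT", 0xFD: "DO", 0xFE: "DONT"}

def parse_greeting(data: bytes):
    """Split the first bytes a server sends into (option negotiations, banner text)."""
    options, text, i = [], bytearray(), 0
    while i < len(data):
        nxt = data[i + 1] if i + 1 < len(data) else None
        if data[i] != IAC:
            text.append(data[i]); i += 1
        elif nxt in VERBS and i + 2 < len(data):
            options.append((VERBS[nxt], data[i + 2])); i += 3
        elif nxt == IAC:            # escaped literal 0xFF
            text.append(IAC); i += 2
        else:                       # other command or truncated sequence: skip it
            i += 2
    return options, text.decode("ascii", "replace").strip()

def check_telnet(host, port=23, timeout=3.0):
    """Report whether host:port is open and whether it greets like a telnet daemon."""
    result = {"host": host, "port": port, "open": False,
              "telnet": False, "options": [], "banner": ""}
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            result["open"] = True
            try:
                data = s.recv(512)
            except socket.timeout:  # port is open but the service stays silent
                data = b""
    except OSError:                 # refused, unreachable or reset
        return result
    result["options"], result["banner"] = parse_greeting(data)
    result["telnet"] = bool(result["options"])
    return result

if __name__ == "__main__":
    # Pass the addresses of devices you administer, e.g. the radio's LAN address.
    for target in sys.argv[1:]:
        r = check_telnet(target)
        state = "TELNET" if r["telnet"] else "open" if r["open"] else "closed"
        print(f"{target}:23 {state} options={r['options']} banner={r['banner']!r}")
```

A result of `closed` on the LAN address, and again on the router's public address from an outside network, indicates the service is no longer reachable; `open` without negotiation still deserves a closer look.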


Teo Ehc