Critical vulnerabilities have been discovered in Internet of Things (IoT) radio devices from Telestar Digital GmbH that allow hackers to hijack the systems remotely.
On Monday, researcher Benjamin Kunz disclosed the company's findings, which are tracked as CVE-2019-13473 and CVE-2019-13474.
A few weeks ago, the company noticed an anomaly on a private server connected to web radio terminals belonging to Telestar devices, alongside an unofficial Telnet server. These radios come from Telestar's Imperial & Dabman Series I and D product line, which includes portable radios and DAB stereos. These products are sold throughout Europe, use Bluetooth and Internet connectivity, and are based on BusyBox Linux Debian.
An investigation into the radios revealed an unsupported Telnet service on port 23 and, because port forwarding was active, the service could be reached externally. An accompanying video shows how a port scan, the nmap tool, and ncrack could be used to infiltrate the system.
The team was able to connect to the radio in just 10 minutes because of the weak password security, which gave them full root access privileges.
"We tested some of them for the test folders, we created files and modified paths to see what we could change in the application," says Kunz. "Finally, we were able to edit and access everything in the box and were able to completely undermine the Telestar Digital GmbH radio frequency device."
Possible attacks included changing device names, forcing playback of a stream, storing audio files as messages, and transmitting audio as commands both locally and remotely.
On Facebook, the security researcher said that more than a million devices may be at risk.
While hacking an IoT radio may not seem like a big security issue, the disclosure highlights a problem that affects us all - the compromise of IoT devices to build larger threats. For example, Mirai botnet variants specialize in hijacking open-source or weakly secured IoT devices - such as those using default credentials - to launch powerful distributed denial-of-service (DDoS) attacks. It is also possible to exploit these vulnerabilities to spread malware.
The telnetd service has been changed and the use of the weak password has been revised. Automatic updates over Wi-Fi are now available and can be applied by resetting affected devices to factory settings and accepting the download of the latest firmware version.