Critical vulnerabilities have been identified in the IoT devices of Telestar Digital GmbH

Critical vulnerabilities have been discovered in Internet of Things (IoT) radio devices from Telestar Digital GmbH that allow hackers to break into the systems remotely.

On Monday, researcher Benjamin Kunz unveiled the company's findings, which are tracked as CVE-2019-13473 and CVE-2019-13474.

A few weeks ago, the company found an anomaly on a private server connected to Telestar web radio terminals, alongside an undocumented telnet server. These radios come from the company's Imperial & Dabman Series I and D product line, which includes portable radios and DAB stereos. These products are sold throughout Europe, connect over Bluetooth and the Internet, and are based on BusyBox Linux (Debian).

An investigation into the radios revealed an undocumented Telnet service on port 23, and because port forwarding was active, it could be reached externally. The researchers' video shows how a port scan with the nmap tool, and ncrack, could be used to break into the system.

The team was able to connect to the radio in just 10 minutes because of the weak password security, which gave them full root privileges.

"We tested some of them for the test folders, we created files and modified paths to see what we could change in the application," says Kunz. "Finally, we were able to process and access everything in the box and were able to completely undermine the Telestar Digital GmbH radio frequency device."

Possible attacks included changing device names, forcing a playback stream, saving audio files as messages, and transmitting audio as commands, both locally and remotely.

On Facebook, the security researcher said that more than a million devices may be at risk.

While hacking an IoT radio may not seem like a big security issue, the disclosure highlights a problem that affects us all: the compromise of IoT devices to build larger threats. For example, variants of the Mirai botnet specialize in hijacking IoT devices with open or weak security, such as those using default credentials, to launch powerful distributed denial-of-service (DDoS) attacks. It is also possible to exploit these vulnerabilities to spread malware.

The telnetd service has been changed and the use of the weak password has been revised. Automatic updates over Wi-Fi are now available and can be applied by resetting affected devices to factory settings and accepting the download of the latest firmware version.
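A defender's check for the exposure described above (a Telnet service on port 23 made reachable from outside by port forwarding), added here as an example and not taken from the researchers or the vendor. It assumes a Linux-based router whose NAT rules can be exported with `iptables -t nat -S`; the sample rules and the function names are constructed for illustration.

```python
import shlex

TELNET_PORTS = {23}  # the port named in the article

# Constructed sample in `iptables -t nat -S` output format (not from the article).
SAMPLE_RULES = """\
-P PREROUTING ACCEPT
-A PREROUTING -i eth0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.1.20:80
-A PREROUTING -i eth0 -p tcp -m tcp --dport 23 -j DNAT --to-destination 192.168.1.50
-A PREROUTING -i eth0 -p tcp -m tcp --dport 2323 -j DNAT --to-destination 192.168.1.51:23
-A PREROUTING -i eth0 -p udp -m udp --dport 23 -j DNAT --to-destination 192.168.1.52:23
-A POSTROUTING -o eth0 -j MASQUERADE
"""


def option(tokens, name):
    """Return the value that follows option `name`, or None if absent."""
    return tokens[tokens.index(name) + 1] if name in tokens[:-1] else None


def telnet_forwards(rules_text, ports=TELNET_PORTS):
    """Return (external_port, internal_host, internal_port) for every TCP
    DNAT rule that forwards outside traffic to a Telnet port."""
    findings = []
    for line in rules_text.splitlines():
        tokens = shlex.split(line)
        if option(tokens, "-j") != "DNAT" or option(tokens, "-p") != "tcp":
            continue
        dport = option(tokens, "--dport")
        dest = option(tokens, "--to-destination")
        if dport is None or dest is None:
            continue
        host, _, to_port = dest.partition(":")
        try:
            external_port = int(dport)
            # Without an explicit port, DNAT keeps the original destination port.
            internal_port = int(to_port or dport)
        except ValueError:
            continue  # port ranges are out of scope for this check
        if internal_port in ports:
            findings.append((external_port, host, internal_port))
    return findings


if __name__ == "__main__":
    for ext, host, port in telnet_forwards(SAMPLE_RULES):
        print(f"external tcp/{ext} is forwarded to {host}:{port} (Telnet)")
```

The rule that remaps external port 2323 to internal port 23 is flagged as well, which a check on the external port alone would miss.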

The author allows you to copy his/her text only if you cite the source (SecNews.gr) with an active link (live URL) to the article.
Updated on by
Teo Ehc

About Teo Ehc

BE THE LIMITED EDITION.

Reader Interactions

Leave a reply

Your email address is not published. Τα υποχρεωτικά πεδία σημειώνονται με *