Posted on 03/02/2017 9:49:29 AM PST by Swordmaker
Researchers at Trustwave have uncovered a backdoor in IoT devices from a Chinese manufacturer that could leave them open to exploitation.
The backdoor is present in almost all devices produced by VoIP specialist DBLTek, and appears to have been purposely built in for use by the vendor.
It uses a simple challenge and response mechanism to allow remote access. However, Trustwave's investigation has shown this scheme to be fundamentally flawed in that it is not necessary for a remote user to possess knowledge of any secret or password, besides the challenge itself and knowledge of the protocol/computation used.
The issue permits a remote attacker to gain a shell with root privileges on the affected device. It was first identified in an 8 port DBLTek VoIP GSM Gateway, however a number of other devices are also believed to be vulnerable.
When Trustwave researchers disclosed the discovery, DBLTek responded by trying to make the backdoor more hidden -- using a slightly more complex challenge-response system -- rather than closing it, before cutting off contact with Trustwave. The researchers have since been able to write exploits that open both the old and new backdoors.
Full details of the exploit and the devices affected can be found on the Trustwave blog.
Image Credit: Spectral-Design / Shutterstock
The latest Apple/Mac/iOS Pings can be found by searching Keyword "ApplePingList" on FreeRepublic's Search.
If you want on or off the Mac Ping List, Freepmail me
I’m not sure but its very possible this could give an outsider the ability to bypass home network security.
It would not give them access to computers protected by firewalls but would give them the chance to play “guess your password”
WARNING!! Trojan web site!
Only a matter of time. And that is why i will always want all of my appliances, home and car to be dumb as a stone..
No, because Apple controls the entire widgets' Operating Systems in HomeKit. Apple has a philosophy that their customers' privacy is extremely important. . . because YOU are the customer, not the product. With Android and Alphabet/Google, your information and privacy is what they sell, so YOU are the product. Apple has not installed any backdoors in their hardware or software. They will not.
Electronic door locks; home security cameras; home security systems. Hacking into that trifecta would be burglar nirvana. Just bring some ground sirloin for Fido.
Surprise Surprise Surprise.
Lots of IoT devices are insecure, this is just one of many. Many don’t even employ a challenge/response mechanism of any kind.
HAHAH, Common Practice, Get TOR, A VPN with BITCOIN, Stay away from the DARK WEB,
Uh, my FRiend, that has nothing to do with a built in backdoor on an Internet of Things device you add to your house. . . such as a thermostat, a lightbulb, an alarm system, a refrigerator, etc. These are not going to surf the internet independently, but some hacker knowing of the backdoor can use them to compromise your Local Area Network and perhaps access your computers.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.