Enterprise AV devices contain secret backdoor

iTnews ^ | Jan 22 2016 10:16AM (AUS) | Juha Saarinen

[Utilizer]

Audiovisual devices made by AMX for government, education and business users contain a secret backdoor that allows full remote access without detection, security researchers have found.

European security firm SEC Consult discovered the hidden backdoor account by analysing an operating system program for user management on the AMX Netlinx NX-1200 AV controller, which is sold in Australia.

The binary contains a function named "setUpSubtleUserAccount", which adds a hidden user with administrative privileges, SEC Consult said.

Both the account username and password are stored persistently on the AMX NX-1200, meaning if an attacker has this information, they can potentially log on remotely to multiple devices.

That secret account is named BlackWidow, after a Marvel Comics superhero.

SEC Consult contacted AMX in March last year with details of the backdoor, and a patch was issued some seven months after the disclosure.

[Utilizer]

Only in Oz so far, but any security-focused individuals might wish to have a look at this to see if it translates to other business and/or POS systems.

This one seems to be just beginning, so best to take no chances I would think.

[Utilizer]

AMX, however, did not remove the backdoor with the patch. Instead, the company swapped the superhero user name to 1MB@tMaN, and the account with full administrative privileges, accessible via Secure Shell or a web interface, remained.

(Emphasis intentionally indicated.)

[SeeSharp]

setUpSubtleUserAccount

Geeze! How stupid is it to leave a symbol name like that in the binary? Remember Windows NT and "_NSAKEY"?

[Utilizer]

Update: It seems some US government agencies (White Hut, Military Services) might have been / are targeted by this problem. More developing...

[Utilizer]

Remember Windows NT and "_NSAKEY"?

All too well, unfortunately.

[MarchonDC09122009]

Makes you wonder about the vulnerability management security of our nation’s gov’t voting machines...
Democrat leftist hackers and all.

[Utilizer]

Already proven to be faulty, not that anyone that counts on the erroneous tallies for their job security (*cough* most elected officials *cough*) are worried about it.

[MarchonDC09122009]

The whole country has gone Chicago.

RE: “Already proven to be faulty, not that anyone that counts on the erroneous tallies for their job security (*cough* most elected officials *cough*) are worried about it.”

[Squeako]

Crestron 2016!!!

[Roccus]

Update: It seems some US government agencies (White Hut, Military Services) might have been / are targeted by this problem. More developing...

Good thing the Beast didn't use a government server, eh?