Telnet backdoor vulnerabilities impact over a million IoT radio devices

September 9, 2019

Critical vulnerabilities have been discovered in Telestar Digital GmbH Internet of Things (IoT) radio devices that permit attackers to remotely hijack systems. 

On Monday, Vulnerability-Lab researcher Benjamin Kunz disclosed the firm’s findings, of which two CVEs have been assigned, CVE-2019-13473 and CVE-2019-13474. 

Several weeks ago, the company found an anomaly on a private server linked to web radio terminals belonging to Telestar devices, alongside an undocumented telnetd server. 

The radios in question are from the company’s Imperial & Dabman Series I and D product line, which includes portable radios and DAB stereos.

These products are sold across Europe, utilize Bluetooth and Internet connectivity, and are based on BusyBox Linux Debian. 

An investigation into the radios revealed an undocumented Telnet service on port 23 which, because port forwarding was active, could be reached externally. The video below shows how a port scan, the nmap tool, and ncrack could be used to infiltrate the system. 

The team was able to connect and brute-force the radio within only 10 minutes due to lax password security, granting them root access with full privileges. 

“For testing we edited some of the folders, created files, and modified paths to see what we are able to change in the native source of the application,” Kunz says. “Finally, we were able to edit and access everything on the box and had the ability to fully compromise the smart web radio device.”

Possible attacks included changing device names, forcing a play stream, saving audio files as messages, and transmitting audio as commands both locally and remotely. 

On Facebook, the security researcher said over one million devices may be at risk. 

While the single compromise of an IoT radio may not seem like a big security issue, the disclosure highlights a problem that impacts all of us — the enslavement of IoT devices to create larger threats. As an example, Mirai botnet variants specialize in hijacking IoT devices with open ports or weak security — such as those using default credentials — in order to launch powerful distributed denial-of-service (DDoS) attacks. 

It is also possible to harness these vulnerabilities to spread malware or to deface devices. 

Vulnerability-Lab notified Telestar Digital GmbH of its research on June 1. Within a week, the vendor responded to the report and a patch was ready by August 30, leading to the coordinated public disclosure. 

The telnetd service is being changed and the lax password use has been revised. Automatic updates via Wi-Fi are now available and can be implemented by setting impacted devices back to factory settings and accepting downloads of the latest firmware version. 

Telestar Digital GmbH is not aware of any examples of the vulnerabilities being exploited in the wild. 
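For owners checking that a radio no longer answers on the undocumented Telnet port after the firmware update, the following is an added example, not code from the article or from Vulnerability-Lab. It assumes the service opens with standard Telnet option negotiation (RFC 854); the function names and the sample bytes are constructed for illustration.

```python
import socket

IAC = 0xFF  # Telnet "Interpret As Command" byte (RFC 854)
NEGOTIATION = {0xFB: "WILL", 0xFC: "WONT", 0xFD: "DO", 0xFE: "DONT"}


def parse_telnet_negotiation(data: bytes):
    """Return the (verb, option) pairs found in a server's first bytes."""
    found, i = [], 0
    while i < len(data):
        if data[i] == IAC and i + 1 < len(data):
            if data[i + 1] == IAC:            # escaped 0xFF data byte, not a command
                i += 2
                continue
            if data[i + 1] in NEGOTIATION and i + 2 < len(data):
                found.append((NEGOTIATION[data[i + 1]], data[i + 2]))
                i += 3
                continue
        i += 1
    return found


def check_telnet_exposure(host, port=23, timeout=3.0):
    """Classify a device you administer: 'unreachable', 'telnet' or 'open-other'."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                first = s.recv(256)           # a telnetd normally speaks first
            except OSError:
                first = b""                   # port open, but nothing was sent
    except OSError:
        return "unreachable"                  # refused, filtered or timed out
    return "telnet" if parse_telnet_negotiation(first) else "open-other"


if __name__ == "__main__":
    # Constructed sample of what a Telnet daemon might send on connect.
    sample = b"\xff\xfd\x01\xff\xfb\x03login: "
    print(parse_telnet_negotiation(sample))
```

Run the check from inside the home network and again from outside it (against the router's public address) to see whether port forwarding still exposes the service.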

Credit: Zdnet
