Zebeth Media Solutions

vulnerability

Aiphone door entry systems can be ‘easily’ bypassed thanks to NFC bug • ZebethMedia

A security research firm says it discovered an “easily” exploitable vulnerability in a door entry security system used in government buildings and apartment complexes, but warns that the vulnerability cannot be fixed. Norwegian security company Promon says the bug affects several Aiphone GT models that use NFC technology, often found in contactless credit cards, and allows bad actors to potentially gain access to sensitive facilities by brute-forcing the door entry system’s security code. Door entry systems allow secure access to buildings and residential complexes, but have become increasingly digitized, making them vulnerable to both physical and remote compromise. Aiphone counts both the White House and the U.K. Parliament as customers of the affected systems, according to company brochures seen by ZebethMedia. Promon security researcher Cameron Lowell Palmer said a would-be intruder can use an NFC-capable mobile device to rapidly cycle through every permutation of a four-digit “admin” code used to secure each Aiphone GT door system. Because the system does not limit how many times a code can be tried, Palmer said it takes only minutes to cycle through each of the 10,000 possible four-digit codes used by the door entry system. That code can be punched into the system’s keypad, or transmitted to an NFC tag, allowing bad actors to potentially access restricted areas without having to touch the system at all. In a video shared with ZebethMedia, Palmer built a proof-of concept Android app that allowed him to check every four-digit code on a vulnerable Aiphone door entry system in his test lab. Palmer said the affected Aiphone models do not store logs, allowing a bad actor to bypass the system’s security without leaving a digital trace. Image Credits: Cameron Lowell Palmer / Promon Palmer disclosed the vulnerability to Aiphone in late June 2021. Aiphone told the security company that systems manufactured before December 7, 2021 are affected and cannot be updated, but that systems after this date have a software fix that limits the rate of door entry attempts. It’s not the only bug that Promon discovered in the Aiphone system. Promon also said it discovered that the app used to set up the door entry system offers an unencrypted, plaintext file that contains the administrator code for the system’s back-end portal. Promon said that could allow an intruder to also access the information needed to access restricted areas. Aiphone spokesperson Brad Kemcheff did not respond to requests for comment sent prior to publication. Relatedly, a university student and security researcher earlier this year discovered a “master key” vulnerability in a widely used door entry system built by CBORD, a tech company that provides access control and payment systems to hospitals and university campuses. CBORD fixed the bug after the researcher reported the issue to the company.

A bug in Abode’s home security system could let hackers remotely switch off cameras • ZebethMedia

A security vulnerability in Abode’s all-in-one home security system could allow malicious actors to remotely switch off customers’ security cameras. Abode’s Iota All-In-One Security Kit is a DIY home security system that includes a main security camera, motion sensors that can be attached to windows and doors, and a hub that can alert users of unwanted movement in their homes. It also integrates with third-party smart hubs like Google Home, Amazon Alexa and Apple HomeKit. Researchers at Cisco’s Talos cybersecurity unit this week disclosed several vulnerabilities in Abode’s security system, including a critical-rated authentication bypass flaw that could allow anyone to remotely trigger several sensitive device functions without needing a password by bypassing the authentication mechanism of the devices. The flaw, tracked as CVE-2022-27805 and given a vulnerability severity rating of 9.8 out of 10, sits in the UDP service — a communications protocol used to establish low-latency connections between applications on the internet — responsible for handling remote configuration changes. As explained by Matt Wiseman, a senior security researcher at Cisco Talos, a lack of authorization checks means an attacker can remotely execute commands through Abode’s mobile and web applications, such as rebooting the device, changing the admin password and completely disarming the security system. Wiseman told ZebethMedia that, in general, the affected device would be deployed in a local network and wouldn’t be directly accessible over the internet. “The more likely attack is from someone on the local network or if someone has access to the device through Abode’s network — for example, if they have the username and password for the mobile application.” “That being said, it could be deployed in a situation where it’s directly accessible over the internet or where someone specifically routes traffic to certain services,” added Wiseman. Talos on Thursday disclosed several other vulnerabilities in Abode’s security system. This includes several 10-rated vulnerabilities that could be exploited by sending a series of malicious payloads to execute arbitrary system commands with the highest privileges and a second authentication bypass flaw that could allow an attacker to access several sensitive functions on the device, including triggering a factory reset, simply by setting a particular HTTP header to a hard-coded value. Cisco initially disclosed the vulnerability to Abode in July and publicly disclosed the flaws this week after patches were made available. Users are advised to update their Iota All-In-One Security Kit to the latest version as soon as possible. In a statement given to ZebethMedia, Chris Carney, Abode’s founder and CEO said: “As a security-first company, we promptly worked to fix, address and patch their findings. This work has already been done, completed and pushed as an update to customers. Additionally, there have been zero reports from Abode customers related to these findings.” Carney confirmed Abode worked with Talos to resolve the security issues. News of flaws in Abode’s internet-connected home security system comes after the U.S. government this week shared more details about its plans to launch a cybersecurity labeling program for consumer Internet of Things devices to better protect Americans from “significant national security risks.” The initiative will launch next year for the “highest-risk” devices — including home security cameras.

Subscribe to Zebeth Media Solutions

You may contact us by filling in this form any time you need professional support or have any questions. You can also fill in the form to leave your comments or feedback.

We respect your privacy.
business and solar energy