Backdoor account replaced by another backdoor in security stumble

posted by Deep | February 4, 2016 | In Software

Security

A company that makes video conferencing products replaced one serious security vulnerability with another, despite being warned of the dangers.

AMX Harman, which makes a variety of audio-visual and building control equipment, has patched the problem. But on Thursday SEC Consult, an information security firm in Vienna, revealed what it says is the back story.

Last March, SEC Consult warned AMX that it had found a secret account in certain versions of the NX-1200, an appliance for controlling audio-visual systems.

The hidden account used the username Black Widow, and SEC Consult said it found the password as well by studying the appliance’s authentication procedures.

[Image: AMX Black Widow account. Credit: SEC Consult]

The credentials can be used to gain broad access to the device, including the web-based management and command line interfaces. A hacker would also be able to capture packets, SEC Consult wrote.

The account appears to have been intentionally created, Johannes Greil, head of SEC Consult Vulnerability Lab, said via email.

“The backdoor is quite critical, because it seems to be deliberate and not some leftover from developers,” he wrote. “The system tries to actively hide it from user management interfaces and the backdoor account even has more privileges than an admin account.”

The finding by SEC Consult is worrying since AMX has a significant government business. A photo on its website shows U.S. President Barack Obama with top advisors, with the tag line “Room Automation.”

[Image from AMX Harman’s website. Credit: AMX Harman]

Although it was notified in March, AMX didn’t provide a fix until October. When SEC Consult analyzed the fix, it noticed the “Black Widow” account had simply been changed to a new username.

According to a security brief from AMX, it removed what it called the “debugging account” to prevent a security vulnerability.

SEC Consult said it hasn’t checked to see if the latest fix is effective. It did not release the passwords for either of the hidden accounts.

A more detailed advisory from SEC Consult says that backdoors affect many other products besides the NX-1200. AMX officials could not immediately be reached for comment.

Now that the issue has ostensibly been resolved, SEC Consult wrote that its contact at AMX said the company “will be starting a major security initiative.”

[“source-businesstoday”]
