Vulnerable Telnet Services Let Hackers Attack Systems Using Hijacked Radio Devices

IoT Radio Vulnerability Telnet

Given the popularity of online streaming services that run on more or less any device that connects to the internet, some people might find it hard to believe that companies are selling dedicated IoT radios that stream music and other content online. There is such a thing, though, and it seems to have attracted quite a few people. According to security researchers from Vulnerability Lab, for example, the number of IoT radios from the Telestar's Imperial & Dabman line exceeds 1 million. Up until a few days ago, this was rather alarming because these radios were vulnerable to a serious cyberattack.

Weak passwords and undocumented services posed a security risk for IoT radios

The devices in question are sold internationally, and users can interact with them both through Wi-Fi and Bluetooth. Vulnerability Lab's experts discovered the hole when they were performing a security audit on a private network and noticed some unusual configuration settings.

After a short investigation, an undocumented Telnet service running on port 23 was traced back to an IoT radio connected to the same network. For those of you unfamiliar with it, Telnet is an application protocol which can facilitate the communication between users and devices. It has been around for a while now, but the lack of encryption and other security concerns mean that other, more robust alternatives are preferred, so when they saw it running, the researchers were more than a little surprised.

The service did require authentication, but this was never going to be enough to stop the security experts. Using a password-cracking tool called Ncrack, they managed to brute-force their way in a matter of minutes, and because the Telnet service let them log in as root users, the device was basically wide open for them. During their tests, they managed not only to change the device name and force a different stream, but also create, modify, and delete files on the Linux-based system.

How bad can a vulnerable IoT radio be?

You might think that this vulnerability can only be useful to pranksters who want to change radio stations people listen to remotely, but the fact of the matter is, a hacked IoT radio could cause a lot of harm. As we mentioned already, there are many of them around, and if hijacking them is so easy, creating a large botnet of zombie devices won't be too difficult. The crooks have actually done it in the past.

In late 2016, they launched some of history's biggest, most impactful Distributed Denial of Service (DDoS) attacks with the help of the Mirai botnet which was comprised of millions of hacked IoT devices spread all around the world. As some of you may remember, all these gadgets were hijacked thanks to weak default passwords and poor network configuration.

Thankfully, the hackers won't be able to pull off the same trick with Telestar's IoT radios. Vulnerability Lab's experts got in touch with the manufacturer way back in June, immediately after discovering the security hole. According to ZDNet, an updated firmware was released at the end of last month. The Telnet service has now been changed, and the passwords have been "revised". Owners can install it by resetting their radios back to factory settings and turning on updates via Wi-Fi. Needless to say, if you own one of those devices, you must follow these steps if you haven't already.

September 17, 2019

Leave a Reply