Backdoor-riddled Devices Sold To US Army, White House

This post is also available in: עברית (Hebrew)

AMX, a supplier of audio-visual and building control equipment among whose clients you’ll find the US Army and the White House, built in a seemingly deliberately concealed backdoor into dozens of its products. The Backdoor could be used to hack or spy on users, according to researchers from Austria-based security firm SEC Consult, who discovered the backdoor.

According to Arstechnica, the researchers discovered the backdoor after running an analysis on the AMX NX-1200, a programmable AV and building control devices. Their suspicions were raised when they encountered a function that added a highly privileged account with a hard-coded password to authorised user list. Unlike regular accounts, this one could capture data packets transmitted between the network and the device itself.

“Someone with knowledge of the backdoor could completely reconfigure and take over the device and due to the highest privileges also start sniffing attacks within the network segment,” said SEC Consult researcher Johannes Greil. “We did not see any personal data on the device itself, besides other user accounts which could be cracked for further attacks.”

Not only could the account track all data packets, the function that launched it also prevented it from being displayed in a list of valid usernames. To use the account, an attacker would likely need to be connected to the local network, but several vulnerable devices were spotted on the wider internet as well.

After the initial discovery, dozens of other devices SEC Consult checked were found to be vulnerable in the same manner. According to AMX, the equipment is used by an extensive list of security-conscious organisations.