NX-1200 hidden backdoor
tdewild
Posts: 49
in AMX Hardware
Media devices sold to feds have hidden backdoor with sniffing functions.
Highly privileged account could be used to hack customers' networks, researchers warn.
Source:
http://arstechnica.com/security/2016/01/media-devices-sold-to-feds-have-hidden-backdoor-with-sniffing-functions [h=1][/h]
Highly privileged account could be used to hack customers' networks, researchers warn.
Source:
http://arstechnica.com/security/2016/01/media-devices-sold-to-feds-have-hidden-backdoor-with-sniffing-functions [h=1][/h]
0
Comments
(also in my mailbox today)
http://www2.amx.com/webmail/18552/977039865/45af04684d551938785060106d7d3af9
I cannot comment one way or another on this - as I am under agreements not to.
I agree on the "bad optics" I the first place I expect to see it amplified is in Cr3st0n circles. It's unfortunate, but a sad fact of working in the world today. (and it isn't like other manufacturers do the same thing...) I cannot say who, but I've actually caught a manufacturer of a well known media server "walking the network" with an SNMP snooper and called them out. This was when i worked at CCS a while back.
Apple scares me the most and they require other companies to install little black box chipset into their devices in order to be apple home connect certified. The rise of the machine is not too far in the future and like in iRobot they'll be all interconnected and controlled by Apple.
Ha! the irony of Apple's 1984 - Orwellian first commercial is not lost on me. All us folks over 40 have simply got to get over the whole notion of "Provacy" It simply does not exist nowadays - nor is it an implied right. Digital Communications 1999 pretty much dug the grave and Digital Communications 2001 threw us in and filled in the hole.
Cr3str0n's sales people are already hitting the streets with this. A large dealer I work with had a Cr3str0n rep on site at 9am telling everyone there (with a straight face) that the White House was "hacked" via AMX products. What might seem laughable to us was enough to have one of the AV company's managers call me to ask if I thought it was true as they sell a ton of AMX to the government.
The security angle was really one of the last major selling points pushing decision makers towards AMX. While I and most here understand how AV networks are provisioned and how little "surface area" a lapse like this would afford an attacker, I'm sure this revelation will be hugely exaggerated and aggressively marketed by AMX's competition, whose own products would doubtless yield some even more interesting tidbits if placed under the same microscope.
Hoo boy... I am so tempted to post a response to the first paragraph... Let it suffice to say that the statement made by the sales guy was patently false. AMX (or any other control system for that matter) could not have been "Hacked" It has to do with how the network is setup between all the nodes. unless the electrons can jump a huge air gap - it is not possible. I'm not saying a breathing human being couldn't have done so. but, that's a whole other security matter that has zero to do with a back door.
Yeah, they're worried an AMX back door that in sensitive installs is probably isolated with no physical path to a gateway and aren't concerned at all with the holes in their firewall, VPNs, port forwarding and often VNC ports forwarded to an onsite PC which inturn can give hackers access to most things on that network. Having a back door to a house is one thing but having a back door to a bedroom within a house with locked exterior doors is quite another.