The security researcher Benjamin Kunz from Vulnerability-Lab disclosed zero-day flaws in Telestar Digital GmbH IoT radio devices that could be exploited by remote attackers to hijack devices without any user interaction.
The issues were discovered several weeks ago when the company investigating an anomaly on a private network discovered the presence of the Telestar web radio terminals. The researchers discovered an undocumented
“During the investigation of the security incident with our company, we noticed an undocumented Telnet service on the standard port 23 on the said end devices during a port scan. Since port forwarding was activated for all ports on this network, it could be addressed from the outside.” reads the report published by the experts. “Telnet services are less used today, because content is transmitted unencrypted and there are better alternatives today. Nevertheless, the protocol on
The IoT radio devices are manufactured by Imperial & Dabman (Series I and D) and are distributed in Germany by Telestar, but experts pointed out that it is possible to buy them via Ebay and Amazon
Kunz and his colleagues were able to brute-force the
The researchers were able to edit some of the folders, created files, and modify paths to determine what it was possible to change in the native source of the application.
The following video below shows how it is possible to compromise the radio devices.
Attackers can perform a broad range of actions by exploiting the issues, including changing device names, setting boot-logo, setting volume, forcing a
According to Kunz, more than one million devices are potentially at risk, an attacker can trigger the flaws to build a huge
The experts reported the vulnerabilities to Telestar Digital GmbH on June 1 and the company by August 30 released a fix to address the flaws.
The good news is that Telestar Digital GmbH is not aware of attacks exploiting the vulnerabilities in the wild.
(SecurityAffairs – IoT radio devices, hacking)