Enterprise AV devices contain secret backdoor

By

Remote access possible, Australian clients affected.

Audiovisual devices made by AMX for government, education and business users contain a secret backdoor that allows full remote access without detection, security researchers have found.

Enterprise AV devices contain secret backdoor
AMX Netlinx NX-1200. Source: vendor.

European security firm SEC Consult discovered the hidden backdoor account by analysing an operating system program for user management on the AMX Netlinx NX-1200 AV controller, which is sold in Australia.

The binary contains a function named "setUpSubtleUserAccount", which adds a hidden user with administrative privileges, SEC Consult said.

Both the account username and password are stored persistently on the AMX NX-1200, meaning if an attacker has this information, they can potentially log on remotely to multiple devices.

That secret account is named BlackWidow, after a Marvel Comics superhero.

SEC Consult contacted AMX in March last year with details of the backdoor, and a patch was issued some seven months after the disclosure.

AMX, however, did not remove the backdoor with the patch. Instead, the company swapped the superhero user name to 1MB@tMaN, and the account with full administrative privileges, accessible via Secure Shell or a web interface, remained.

On top of normal administrative privileges, SEC Consult found the secret backdoor account can capture data packets on the device network interface. This is not possible with the local administrator account, the researchers said.

Some of AMX's products have been tested by the US Defence Information System Agency, and it has been entered on the country's joint interoperability test command approved products list, meaning they are certified as "secure command and control, conference, training and briefing room" solutions.

One promotional image on AMX's United States website shows president Barack Obama in front of a control panel sold by the company, along with secretary of state Hillary Clinton and other officials.

Source: AMX

Several other AMX products contain the backdoor account, SEC Consult said, including some of its digital media switchers, all-in-one presentation switchers, control pads, and central controllers.

Yesterday, AMX issued another set of firmware updates for the products that can be downloaded by users on its website, or through authorised AMX or Harman Professional dealers.

SEC Consult has not tested the updated firmware packages to see if the backdoor has been removed.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
backdoorssecurity

Sponsored Whitepapers

See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy

Events

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers
Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound
Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies
Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?