Posted on February 3, 2020 at 3:07 PM
Firewall firm, SonicWall, revealed that hackers are seriously taking control of smart door access control systems to execute DDoS attacks. The hackers are believed to be attacking a Nortek Security and control system known as Linear eMerge E3.
The eMerge E3 is part of the access control systems, which is usually installed in industrial parks, factories, and corporate headquarters. They are used to control how visitors and employees can access rooms and doors based on their ranks and credentials in the organizations.
Some doors are not given access to visitors while some other doors are meant for only high-ranked employees. The eMerge E3 is responsible for allotting access parameters to people within the business premise using their smart cards or access codes.
In May last year, a cyber-security company, Applied Risk Researchers, revealed details about the vulnerabilities that affect NSC Linear eMerge E3 systems.
Even when the risk score of about six of the ten vulnerable devices was considered very high, NSC did not patch the devices, which means they are still vulnerable to attack. Researchers at Applied Risk security are still working to find out if there are other affected or vulnerable devices that are yet unknown.
Exploitation of CVE-2019-7256
SonicWall researchers published a report last week, providing details about hackers’ exploitation activities on the NSC eMerge E3 devices. According to the report, these hackers are attacking the vulnerabilities of one of the systems. CVE-2019-7256 is the specific vulnerability the hackers are targeting.
The researchers said the vulnerability is referred to as a command injection flaw. Hackers are using this flaw because it’s one of the most vulnerable flaws to exploit, as hackers could easily exploit it remotely. It’s the easiest to exploit, which explains why hackers have resorted to using the vulnerability.
IOS devices can be used as a gateway
While we are still battling with the vulnerabilities of smart devices used in access control, there is a bigger problem here. These vulnerable devices could be utilized as a gateway to gain access to the internal networks of an organization.
Last year, Microsoft revealed that a hacking syndicate, sponsored by the Russian government, utilized LoT smart devices as an entry point to launch attacks on corporate networks. The report revealed that the hackers tried exploiting a video recorder, an office printer, and a VOIP phone. There are several other reported cases of similar attacks or attempts to use IOS devices to gain access to the organization’s network.
How the flaw is triggered
The researchers revealed that the vulnerability issue of the device is a result of improper user-supply inputs sanitizing. As a result, it allows the execution of arbitrary commands with root privileges. In a published note on security alert last week, SonicWall explained that it is very easy for a remote attacker to infiltrate the device because of its high severance risk.
Hackers using CVE-2019-7256 to hijack devices
Security researchers revealed that hackers are taking over access control systems using CVE-2019-7256 vulnerability. They download malware, install them, and launch DDoS attacks on other devices.
The researchers noticed the first attack on the 9th of January. Since then, the attackers have continued in the hacking spree on the access control systems.
The first of these attacks began on January 9, this year, and were spotted by intelligence firm Bad Packets, and have continued in a steady stream ever since.
SonicWall said that the attackers are seriously targeting the devices as there are already tens of thousands of such attacks every day. The attackers have so far targeted several devices in more than 100 countries, but most of the devices targeted are from the U.S.
However, SonicWall reiterated that the number of Internet-accessible eMerge devices is low, as against a large number of other connected online.
According to SonicWall’s report, there were only 2,375 affected eMerge devices in the Shodan search engine. This number is far less than the millions of home routers and security cameras that are connected online.
Even with this small number of connected eMerge devices, attackers are still probing and exploiting their hacking options on the devices. SonicWall pointed out that their recent activities show that the attackers are not likely to stop exploiting the devices anytime soon.