AMX Fixes Backdoor Vulnerability After 10 Months

HardOCP News · Jan 22, 2016

It's scary to think that this backdoor was deliberately hidden on devices that are used by our military and The White House. But the most unforgivable part of this story is the way they used Black Widow and 1MB@tMan together. You never mix Marvel and DC, everyone knows that.

A deliberately hidden backdoor account has been found in AMX by Harman Professional devices that allows attackers to completely compromise an affected device. AMX's client portfolio includes The White House, departments from the police, air force, army, marine corps, sporting organisations, as well as a number of top universities and colleges.

jcollett69 · Jan 22, 2016

While I did not see it specifically stated, it would appear that AMX is developing IoT. It sure seems that these devices are being built to be insecure by default. Won't be getting a Nest or any other IoT device anytime soon.

Postalgeist · Jan 22, 2016

I thought the government wanted backdoors.

DocSavage · Jan 22, 2016

This backdoor was probably implemented on request of the government:

"Functions to retrieve a list of all users in the database were found to deliberately hide this user," SEC Consult wrote. "Further, using this backdoor account grants additional features on the remote-cli, such as a facility to capture packets on the network interface which not even an administrator account can perform."

jonathonball · Jan 22, 2016

Steve said:
You never mix Marvel and DC, everyone knows that.

oh yeah?

AMX Fixes Backdoor Vulnerability After 10 Months

HardOCP News

[H] News

jcollett69

Limp Gawd

Postalgeist

Gawd

DocSavage

2[H]4U

jonathonball

[H]ard|Gawd