Today, RedTeam Security was asked to provide commentary on a CNN Money breaking news story regarding the discovery of a hidden backdoor within a popular conference calling product built by AMX. AMX manufactures conference calling equipment used by many organizations world wide, including the US Government.
The recently uncovered research shows the company hard-coded backdoor access into its system. AMX created a “secret account” with a permanent username and password, which means a hacker who already sneaked into a computer network could tap into actual meetings, if the hacker knew the backdoor access code.
What’s More: Analysis of the hard-coded account credentials proved to be merely obfuscated with Base64 encoding — an extremely primitive method for obfuscating information, let alone sensitive data like passwords. Anyone with a computer and a free copy of Olly Dbg has the necessary tools to discover and decode the hard-coded username and password for these systems.
Credits: CNNMoney (New York) Photo credits: Getty/CNNMoney
10-Point Offensive Security Checklist
Get A Bird's Eye View Of Your Organization's Security Readiness
National TV news and media outlets often consult with us for our expertise as a boutique, high-touch ethical hacking firm highly trained in a narrow field of cybersecurity. Please click on any logo below to view the featured story.
Let’s reduce your organization’s security risk
Test the effectiveness of your own security controls before malicious parties do it for you. Our security experts are here to help.
Dedicated Client Portal
Interact in real-time with your RedTeam security professionals on our user-friendly client portal and see firsthand as the team closes in on your company data.
Our expert penetration testers use their coding backgrounds to build tools to expand their testing capabilities and provide more comprehensive results on every engagement.
We hold industry-leading certifications and dedicate part of every day to research the latest exploit techniques to ensure our clients remain protected from evolving online attacks.
Free Remediation Testing
Once your team addresses remediation recommendations, RedTeam will schedule your retest at no additional charge.
Your free security evaluation request has been successfully sent!
A security expert will be in touch soon!
Oops! Something went wrong while submitting the form.
Union Depot Building 214 4th Street E., Suite 140 St. Paul, MN 55101