Today, RedTeam Security was asked to provide commentary on a CNN Money breaking news story regarding the discovery of a hidden backdoor within a popular conference calling product built by AMX. AMX manufactures conference calling equipment used by many organizations worldwide, including the US Government.
The recently uncovered research shows the company hard-coded backdoor access into its system. AMX created a “secret account” with a permanent username and password, which means a hacker who already sneaked into a computer network could tap into actual meetings, if the hacker knew the backdoor access code.
Analysis showed that the hard-coded account credentials were merely obfuscated with Base64 encoding, an extremely primitive method for obfuscating information, let alone sensitive data like passwords. Anyone with a computer and a free copy of OllyDbg has the necessary tools to discover and decode the hard-coded username and password for these systems.
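To show why Base64 gives no protection, the added example below (not code from the original article or from AMX) scans a binary blob for Base64 runs and decodes them without any key, the kind of check a team can run on its own firmware builds before release. The account name, password and blob bytes are constructed sample values, and the function name is hypothetical.

```python
import base64
import binascii
import re

# Runs of Base64-alphabet characters long enough to hold a short secret.
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{8,}={0,2}")


def find_base64_strings(blob: bytes, min_decoded: int = 6):
    """Return (offset, encoded, decoded) for every Base64 run in blob that
    decodes to printable ASCII. No key is needed to decode, which is why
    Base64 is an encoding and not a confidentiality control."""
    hits = []
    for match in B64_RUN.finditer(blob):
        token = match.group()
        if len(token) % 4:  # well-formed Base64 is a multiple of 4 chars
            continue
        try:
            decoded = base64.b64decode(token, validate=True)
        except (binascii.Error, ValueError):
            continue
        if len(decoded) < min_decoded:
            continue
        # Ordinary words such as "password" also match the alphabet, but
        # they decode to non-printable bytes and are dropped here.
        if all(0x20 <= byte < 0x7F for byte in decoded):
            hits.append((match.start(), token.decode(), decoded.decode()))
    return hits


# Constructed sample values; these are NOT the credentials from the AMX case.
SAMPLE_USER = b"svc_example"
SAMPLE_PASS = b"NotARealPassw0rd"

# Constructed stand-in for a firmware image with two embedded encoded strings.
SAMPLE_BLOB = (
    b"\x7fELF\x00\x01login_check\x00"
    + base64.b64encode(SAMPLE_USER) + b"\x00"
    + base64.b64encode(SAMPLE_PASS) + b"\x00\xff\xfe"
)

if __name__ == "__main__":
    for offset, encoded, decoded in find_base64_strings(SAMPLE_BLOB):
        print(f"offset {offset:#06x}: {encoded} -> {decoded}")
```

Any hit that looks like an account name or password in a release build is a finding to remove: credentials belong in per-device provisioning with salted hashes, not in the image.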
Credits: CNNMoney (New York)
Photo credits: Getty/CNNMoney