How to hack Avaya phones with a simple text editor


At the RSA Conference 2015, a researcher demonstrated that Avaya’s Ethernet office phones can be compromised with just a simple text editor.

At the RSA Conference 2015 in San Francisco, Dr. Ang Cui, a Columbia University PhD and cofounder of Red Balloon Security, announced that Avaya’s Ethernet office phones can be compromised with just a simple text editor and a few lines of Python.

Dr. Ang Cui explained that the vulnerability was found last year in Avaya ONE-X phones (including 96xx models), and that it was discovered by accident while his team was trying to exploit another vulnerability.

To exploit the vulnerability, the device simply needs to be connected to the network; the attacker is then able to compromise the embedded OS.

“You can walk up to this phone with a text editor and get root on all phones vulnerable to this attack forever, until it's thrown in the bin,” Dr. Ang Cui explains.

“Every single Avaya phone out there that has this vulnerability works with a user root and a password of nothing. Once someone has done this, just once, there is little to do to ensure [the phone] has been scrubbed … you can watch every packet, but at the end of the day you have zero visibility into the device.”

There is a firmware update that could fix problems like this, but as the expert pointed out, there are other security issues to consider.

“My definition of firmware updating is trading known vulnerabilities for unknown ones,” he said.

Another factor to consider is that it is difficult to roll the firmware update out to every single Avaya phone in the world, so it is quite common to find vulnerable Avaya phones.

The exploitation itself isn’t very difficult: the hack cost about $2,000 over a couple of months, but the expert hasn’t publicly provided further details on the hack for obvious reasons.

Dr. Ang Cui did, however, share some information about his tests:

  • 20 phone fuzz farm
  • 1 month automated fuzzing
  • 10 GB of crash data
  • 10K+ documented crashes
  • Ran basic clustering algorithm to determine unique root-causes
  • Chose top 4 unique crash cases
  • All reliably reproducible
  • Manual analysis for exploitability
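
The triage steps in the list above (cluster the crashes, pick the top unique cases, keep those that reproduce reliably) can be sketched as follows. This is an added example, not code from the talk: the talk's clustering algorithm is not described, so bucketing by signal plus innermost stack frames is an assumption, and all crash records and function names are constructed.

```python
from collections import defaultdict

# Constructed crash records: signal, call stack (innermost frame first) and
# replay results as (times the crash recurred, times the input was replayed).
CRASHES = [
    {"id": 1, "sig": "SIGSEGV", "stack": ["memcpy+0x1c", "parse_hdr+0x88", "rx_loop+0x40"], "replays": (5, 5)},
    {"id": 2, "sig": "SIGSEGV", "stack": ["memcpy+0x20", "parse_hdr+0x88", "rx_task+0x10"], "replays": (5, 5)},
    {"id": 3, "sig": "SIGSEGV", "stack": ["memcpy+0x1c", "parse_hdr+0x90", "rx_loop+0x40"], "replays": (4, 5)},
    {"id": 4, "sig": "SIGABRT", "stack": ["abort+0x8", "heap_check+0x30", "free+0x14"], "replays": (5, 5)},
    {"id": 5, "sig": "SIGABRT", "stack": ["abort+0x8", "heap_check+0x30", "free+0x14"], "replays": (5, 5)},
    {"id": 6, "sig": "SIGSEGV", "stack": ["strlen+0x4", "log_msg+0x2c", "rx_loop+0x44"], "replays": (1, 5)},
    {"id": 7, "sig": "SIGBUS", "stack": ["read_u32+0xc", "parse_tlv+0x50", "rx_loop+0x40"], "replays": (5, 5)},
]

def signature(crash, depth=2):
    """Signal plus the innermost `depth` function names, with offsets stripped
    so that crashes a few instructions apart land in the same bucket."""
    names = [frame.split("+")[0] for frame in crash["stack"][:depth]]
    return crash["sig"] + "|" + ">".join(names)

def cluster(crashes, depth=2):
    """Group crashes that share a signature; each bucket approximates one root cause."""
    buckets = defaultdict(list)
    for crash in crashes:
        buckets[signature(crash, depth)].append(crash)
    return dict(buckets)

def reliable_repro(bucket):
    """Id of the first test case that crashed on every replay, or None."""
    for crash in bucket:
        hits, runs = crash["replays"]
        if runs > 0 and hits == runs:
            return crash["id"]
    return None

def top_unique(crashes, k=4, depth=2):
    """Rank buckets by size, drop those without a reliable reproducer, and
    return the top k as (signature, crash count, reproducer id)."""
    ranked = sorted(cluster(crashes, depth).items(), key=lambda kv: (-len(kv[1]), kv[0]))
    picked = [(sig, len(b), reliable_repro(b)) for sig, b in ranked if reliable_repro(b) is not None]
    return picked[:k]

if __name__ == "__main__":
    for sig, count, repro_id in top_unique(CRASHES):
        print(f"{count:3d} crashes  {sig}  (reproducer: crash {repro_id})")
```

The `depth` parameter controls how aggressively crashes are merged: a shallow signature folds different call paths into one bucket, while a deeper one splits them.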

The conclusions were:

  • Embedded exploitation is not “next level stuff”
  • Embedded exploitation is cheap
  • Embedded exploitation is effective
  • Embedded exploitation is persistent
  • Embedded exploitation has no defense

Users can listen to the presentation here or download the slides here [PDF].

About the Author Elsio Pinto

Elsio Pinto is currently the Lead McAfee Security Engineer at Swiss Re, and he also has knowledge in the areas of malware research, forensics, and ethical hacking. He has previous experience at major institutions, the European Parliament among them. He is a security enthusiast and tries his best to pass on his knowledge. He also runs his own blog: http://high54security.blogspot.com/

Edited by Pierluigi Paganini

(Security Affairs –  Avaya, hacking)