Security consultants warn that the devices we trust without a second thought are attackers’ favorite targets

Helsinki, Finland – December 16, 2019 — /BackupReview.info/ — Consultants with cyber security provider F-Secure have discovered several exploitable vulnerabilities in a popular wireless presentation system. Attackers can use the flaws to intercept and manipulate information during presentations, steal passwords and other confidential information, and install backdoors and other malware.

Barco’s ClickShare wireless presentation system is a collaboration tool that helps groups of people present content from different devices. ClickShare is a market-leading wireless presentation system with a market share of 29% according to FutureSource Consulting’s “Global wireless presentation solutions 2019” report.*

F-Secure Consulting’s Dmitry Janushkevich, a senior consultant that specializes in hardware security, says the popularity of these user-friendly tools make them logical targets for attack, which is what compelled his team to investigate.

“The system is so practical and easy to use, people can’t see any reason to mistrust it. But its deceptive simplicity hides extremely complex inner workings, and this complexity makes security challenging,” explains Janushkevich. “The everyday objects that people trust without a second thought make the best targets for attackers, and because these systems are so popular with companies, we decided to poke at it and see what we could learn.”

Janushkevich and his F-Secure Consulting colleagues researched the ClickShare system on an on-and-off basis for several months after noticing its popularity during red team assessments. They discovered multiple exploitable flaws, 10 of which have CVE (Common Vulnerabilities and Exposures) identifiers. The different issues facilitate a variety of attacks, including intercepting information shared through the system, using the system to install backdoors or other malware on users’ computers, and stealing information and passwords.

While exploiting some of the vulnerabilities requires physical access, others can be done remotely if the system uses its default settings. Furthermore, Janushkevich says the execution of the exploits can be done quickly by a skilled attacker with physical access (possibly while posing as a cleaner or office worker), allowing them to inconspicuously compromise the device.

“Our tests’ primary objectives were to backdoor the system so we could compromise presenters, and steal information as it’s presented. Although cracking the perimeter was tough, we were able to find multiple issues after we gained access, and exploiting them was easy once we knew more about the system,” explains Janushkevich. “For an attacker, this is a fast, practical way to compromise a company, and organizations need to inform themselves about the associated risks.”

F-Secure Consulting shared their research with Barco on October 9, 2019, and the two companies worked together in a coordinated disclosure effort. Today, Barco published a firmware release on their website to mitigate the most critical vulnerabilities. However, several of the issues involve hardware components that require physical maintenance to address, and are unlikely to get fixed.

“This case highlights how hard it is to secure ‘smart devices’. Bugs in silicon, in the design, and in the embedded software can have long-lasting negative effects on both the vendor and users, undermining the trust we put in these devices,” says Janushkevich.

F-Secure Consulting operates on four continents from 11 different countries. It provides cyber security services tailored to fit the needs of banking, financial services, aviation, shipping, retail, insurance, and other organizations working in highly targeted sectors. Details of the research are available in a blog post on F-Secure Labs – https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare

More information on F-Secure Consulting is available here – https://www.f-secure.com/en/consulting

*Source: https://futuresource-consulting.com/reports/posts/2019/may/futuresource-wireless-presentation-solutions-market-report-worldwide-may-19/?locale=en

About F-Secure
Nobody has better visibility into real-life cyber attacks than F-Secure. We’re closing the gap between detection and response, utilizing the unmatched threat intelligence of hundreds of our industry’s best technical consultants, millions of devices running our award-winning software, and ceaseless innovations in artificial intelligence. Top banks, airlines, and enterprises trust our commitment to beating the world’s most potent threats. Together with our network of the top channel partners and over 200 service providers, we’re on a mission to make sure everyone has the enterprise-grade cyber security we all need. Founded in 1988, F-Secure is listed on the NASDAQ OMX Helsinki Ltd.

f-secure.com | twitter.com/fsecure | linkedin.com/f-secure?

F-Secure media relations
Adam Pilkey
+358 40 637 8859

Source: F-Secure

 

 

 

General Tags: online backup companies, online backup news, online data backup, software as a service, online file backup, online backup, online backup reviews, SaaS, backing up online, online file storage, online backup providers directory, data security, top rated online backups, compare online backups, CEO interviews, data storage, cloud computing, online backup services

Like us on Facebook




===========================
Do you like this post? Subscribe to our RSS feed ===========================



Share/Save/Bookmark

Related posts:

  1. Hacking a Living Room: Kaspersky Lab Finds Multiple Vulnerabilities in Popular Connected Home Entertainment Devices
  2. Kaspersky Lab Discovers Vulnerabilities in Popular Pet Trackers
  3. Kaspersky Lab Discovers Critical Vulnerabilities in Popular Industrial Protocol
  4. Addonics Announces WiFi Drive Adapter – For Wireless Sharing of USB Drives or Use as a Wireless Hot Spot
  5. F-Secure: Software Vulnerabilities Continue to Supply Criminals with Exploits
  6. Seagate, The Pioneer In Wireless Storage, Introduces A Family Of Wireless Solutions With New Enhanced Features
  7. Research Finds Android Handsets Suffer from Region-specific Security Issues
  8. Despite Major Vulnerability Disclosures Like WannaCry, New Research Finds that Open Source Components Fail to Receive Suitable Security Attention
  9. Cybercriminals Using Popular TV Shows to Spread Malware, Finds Kaspersky Lab
  10. Kaspersky Finds Compromised Popular Mobile Apps in Official App Stores

Tags: