Researchers at Tenable have found a total of fifteen vulnerabilities across eight wireless display systems, including flaws that hackers can exploit remotely.
Wireless presentation systems facilitate the display of content from laptops and mobile devices on a screen or a projector. They are frequently used by companies and educational institutions.
The security holes were found during an analysis of the Crestron AirMedia AM-100 and AM-101 products, but these devices share code with several other display systems. As a result, Barco's wePresent, Extron ShareLink, InFocus LiteShow, TEQ AV IT WIPS710, SHARP PN-L703WA, Optoma WPS-Pro, Blackbox HD WPS, and potentially other vendors' products are affected as well. For some of these devices, Barco seems to be the OEM. The vulnerabilities, some of which are classed as critical, include issues that can be used for command injection and for unauthorized access to a device.
Wireless presenter systems vulnerable to hacker attacks
Several flaws allow remote unauthenticated attackers to inject OS commands, while others can be used remotely to change admin or moderator passwords, view presentations, bypass session ID authentication, hijack the moderator controls, start or end screen sharing sessions, and cause a Denial of Service (DoS) condition.
Several failure controls are also available on the network. Tenable also uncovered default passwords and administrator credentials stored in plain text. A Shodan search found hundreds of Crestron AirMedia devices, mainly located in the USA and Canada and used mainly by universities.
The Tenable researcher Jacob Baines, credited with finding the flaws, said that over 100 different universities in North America were identified as exposing these devices to the Internet. In mid-January, Tenable began reporting the defects to impacted vendors. The companies were given 90 days to release patches. She told Tenable about 8 vulnerabilities and worked on solutions.
Crestron said it was aware of them. However, only Extron and Barco seemed to have released firmware updates at the time of the cybersecurity company's disclosure. The AM-100 and AM-101 products were marked as discontinued on Crestron's website. Until patches become available, users can reduce the risk of attack by ensuring that these systems are not exposed to the Internet.
Internet of Things (IoT) devices are frequently targeted by cybercriminals, so users should install patches and apply mitigations. In fact, the Barco wePresent WiPG-1000 product covered by Tenable's research has been targeted by the notorious Mirai botnet.