CyberNews Briefs

Telnet Backdoor Opens More Than 1M IoT Radios to Hijack

Cybersecurity researchers with Vulnerability Lab have uncovered two security vulnerabilities in Imperial Dabman IoT radios that could enable attackers to gain control over more than a million devices and use them to plant malware, enslave them into a botnet, and retrieve sensitive data including the Wi-Fi password of the network the device is connected to.

The most critical vulnerability, tracked as CVE-2019-13473, describes the existence of an undocumented, persistent and weakly secured Telnet service that connects to Port 23 of the device. The service is “secured” by means of a hardcoded password, which is “password.” Accessing this service provides attackers with root privileges on the device. A second flaw, tracked as CVE-2019-13474), can enable attackers to execute unauthorized commands on impacted radios.

Read more: Telnet Backdoor Opens More Than 1M IoT Radios to Hijack

OODA Analyst

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.