Security News > 2021 > June > How a conference room speakerphone might let attackers into your company network
Several egregious vulnerabilities affecting the Stem Audio Table conference room speakerphone could be exploited by attackers to eavesdrop on what's being discussed in its proximity, download malicious firmware, achieve and maintain network persistence, and more, GRIMM researchers have discovered.
Stack buffer overflow and command injection flaws that could allow attackers to execute arbitrary code as root on the device.
"VoIP devices like the STEM Audio Table are essentially network-connected microphones. Their compromise, through the described RCE vulnerabilities, could allow attackers to passively eavesdrop on nearby conversations and quietly maintain network persistence," the researchers explained.
"Such a foothold inside an organization provides a stable position for further network operations, data collection, and surveillance from a device that is unlikely to attract much attention. Without proper device isolation in the network, collected data can easily be exfiltrated over the Internet back to attackers."
"While GRIMM did not analyze all services running on the Stem Audio Table device, it was noted that all of the observed services were running under the root user. The impact of this design decision is that any other exploitable vulnerabilities within these services could provide attackers with root privileges," they noted.
He advises companies to audit devices before deploying them within company infrastructure, to implement proper network isolation, to research how the company deals with security, and to search for blog posts from security researchers that previously investigated the product.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/P8mr7k13AAk/