Hackers exploiting vulnerability in smart doors to launch DDoS attacks

Smart door and building access control systems are currently the top targets of hackers for launching distributed denial-of-service (DDoS) attacks, claims SonicWall.

According to the latest findings of the firewall company, attackers are primarily targeting a Nortek Security & Control (NSC) product called Linear eMerge E3, which is used in commercial environments such as corporate buildings, factories, and industrial parks to monitor incoming and outgoing visitors and employees.


So far, SonicWall researchers have identified over 2,300 vulnerable access systems. Researchers revealed that the Linear eMerge E3 system is Linux-based and controlled via a browser using an embedded web server.

It is worth noting that IoT devices such as surveillance cameras are the prime target of cybercriminals precisely because of their default and easy-to-guess login credentials.

The attacks against smart door and building access control systems were first identified by the cyber-intelligence firm Bad Packets, with the attacks observed on 9th January, 2020. Since then, the number of attacks has increased, with tens of thousands of devices attacked per day in around 100 different countries. The majority of the affected users, however, are located in the US.

Separately, researchers at the cybersecurity firm Applied Risk state that they identified ten serious security vulnerabilities in the same system in May 2019. These flaws were found in eMerge E3 series 1.00-06 devices, but the researchers also found some older versions affected by the same flaws.

Common Vulnerability Exposure (CVE) for Linear eMerge E3 system

They notified NSC of the vulnerabilities, but the company has not yet released a patch to fix them, even though six of the ten flaws were rated highly critical and assigned a CVSS v3 severity score of 9.8-10/10.

SonicWall researchers assessed that hackers are currently exploiting one of the ten vulnerabilities to launch DDoS attacks: a command injection bug indexed as CVE-2019-7256 with a severity score of 10/10.


The issue is caused by insufficient filtering of user input that is fed to a PHP function, which allows unauthenticated individuals to run arbitrary commands using a specially crafted HTTP request. Once the attack is successful, attackers can easily infect the device with malware and launch a DDoS attack.
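For defenders who front such devices with a reverse proxy or keep web server access logs, the Python example below flags requests of the kind described above: query parameters whose decoded value contains shell metacharacters. It is an added illustration, not code from SonicWall, Applied Risk or Nortek, and the paths, parameter names and log lines are constructed because the article does not name the affected endpoint.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Characters and sequences that let a value break out of a shell command line.
SHELL_META = re.compile(r"[;|`\n\r]|&&|\$\(|\$\{")

# Common Log Format prefix: client, ident, user, [time], "METHOD target PROTO", status
REQUEST = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" \d{3}')

def suspicious_params(target):
    """Return (name, decoded_value) pairs whose value contains shell metacharacters."""
    hits = []
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        # parse_qsl percent-decodes once; decode again to catch double encoding.
        decoded = unquote_plus(value)
        if SHELL_META.search(decoded):
            hits.append((name, decoded))
    return hits

def scan(lines):
    """Return (client_ip, path, hits) for every log line with a suspicious parameter.

    Access logs record only the request line, so POST bodies are not covered.
    """
    findings = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue  # not a Common Log Format line
        target = m.group("target")
        hits = suspicious_params(target)
        if hits:
            findings.append((m.group("ip"), urlsplit(target).path, hits))
    return findings

# Constructed sample lines: hypothetical paths and parameters, documentation IPs.
SAMPLE_LOG = [
    '198.51.100.7 - - [09/Jan/2020:10:01:12 +0000] "GET /status.php?door=lobby HTTP/1.1" 200 512',
    '203.0.113.45 - - [09/Jan/2020:10:01:15 +0000] "GET /status.php?door=lobby%3B%20id HTTP/1.1" 200 530',
    '203.0.113.45 - - [09/Jan/2020:10:01:19 +0000] "GET /status.php?door=%2560uname%2520-a%2560 HTTP/1.1" 200 498',
    '198.51.100.7 - - [09/Jan/2020:10:02:03 +0000] "GET /report.php?from=2020-01-01&to=2020-01-09 HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for ip, path, hits in scan(SAMPLE_LOG):
        print(ip, path, hits)
```

A hit is a lead for triage rather than proof of compromise, since some applications legitimately accept these characters in parameters.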

Nortek is aware of the reported vulnerabilities but hasn’t produced a patch. It is suggested that system admins responsible for managing networks linked with NSC Linear eMerge E3 disconnect their systems from the internet or install a firewall or VPN to limit access to these devices.
