Researchers revealed that hackers are attempting to compromise smart building access systems. Read on to know more about it…
Researchers revealed that hackers are attempting to compromise smart building access systems. According to researchers from SonicWall revealed that hackers are attempting to compromise Linear eMerge E3 smart building access systems to recruit them in a DDoS botnet. The Linear E3 devices are installed in commercial, Industrial, banking, medical, retail, hospitality, and other businesses to secure their facilities and manage access to personnel. The key role of Linear eMerge E3 devices is to regulate access to employees and visitors for doors and rooms based on their credentials (access codes) or smart cards.
Hackers have already compromised more than 2,300 Linear eMerge E3 building access systems exploiting a severe vulnerability that has yet to be fixed.
Linear eMerge E3 smart building access systems designed by Nortek Security & Control (NSC) are affected by a severe vulnerability (CVE-2019-7256) that has yet to be fixed and attackers are actively scanning the internet for vulnerable devices.
In May 2019, security researcher Gjoko Krstic from Applied Risk discovered over 100 vulnerabilities in management and access control systems from four major vendors, including Nortek. An attacker can exploit the vulnerabilities to gain full control of the vulnerable products and access to the devices connected to them.
Krstic conducted a year-long study on building management (BMS), building automation (BAS) and access control products from Nortek, Prima Systems, Optergy, and Computrols. The experts analyzed several products, including Computrols CBAS-Web, Optergy Proton/Enterprise, Prima FlexAir, and of course two Nortek Linear eMerge products.
“Attackers can easily obtain default passwords and identify internet-connected target systems. Passwords can be found in product documentation and compiled lists available on the Internet.” reads the advisory published by Applied Risk. “It is possible to identify exposed systems using search engines like Shodan, and it is feasible to scan the entire IPv4 internet. Applied Risk has calculated a CVSSv3 score of 9.8 for this vulnerability”
Proof of Concept
In November, Applied Risk released a proof-of-concept exploit code for the CVE-2019-7256 flaw along with a Metasploit module that exploits a command injection vulnerability in the Linear eMerge E3 Access Controller.
According to a report recently published by SonicWall, hackers are scanning the Internet for NSC Linear eMerge E3 devices to exploit the CVE-2019-7256 flaw. The experts warn that the vulnerability is very easy to exploit, attackers are triggering it via a specially crafted HTTP request that is sent to vulnerable systems.
In its alert, SonicWall researchers said, “This issue is triggered due to insufficient sanitizing of user-supplied inputs to a PHP function allowing arbitrary command execution with root privileges. A remote unauthenticated attacker can exploit this to execute arbitrary commands within the context of the application, via a crafted HTTP request.”
“SonicWall Capture Labs Threat Research team observe huge hits on our firewalls that attempt to exploit the command injection vulnerability with the below HTTP request.” reads the advisory published by SonicWall.