LifeSafety Power NetLink Vulnerabilities And Problematic Response

By: John Scanlan, Published on May 20, 2019

'Power supplies' are not devices that many think about when considering vulnerabilities but as more and more devices go 'online', the risks for them need to be considered as well.

Indeed, Security researcher Bashis has discovered various vulnerabilities in LifeSafety Power NetLink devices.

LifeSafety Power NetLink Vulnerability1

IPVM spoke with both Bashis and executives at LifeSafety Power. Inside, we provide details on this vulnerability including:

  • Vulnerabilities overviewed
  • Devices affected
  • Impact of vulnerability
  • Why Life Safety Power failed to respond to multiple reports until IPVM intervened
  • What Life Safety Power says they are doing now to improve their cybersecurity process

Related, see IPVM's Cybersecurity Vulnerability Directory

'***** ********' *** *** devices **** **** ***** about **** *********** *************** but ** **** *** more ******* ** '******', the ***** *** **** need ** ** ********** as ****.

******, ******** **************** *** ********** ******* *************** in********** ***** ******* *******.

LifeSafety Power NetLink Vulnerability1

**** ***** **** **** Bashis *** ********** ************ *****. ******, ** ******* details ** **** ************* including:

  • *************** **********
  • ******* ********
  • ****** ** *************
  • *** **** ****** ***** failed ** ******* ** multiple ******* ***** **** intervened
  • **** **** ****** ***** says **** *** ***** now ** ******* ***** cybersecurity *******

*******, *** ****'************** ************* *********

[***************]

LifeSafety ***** ******* ************* ********

******* ******* *** **** with ****** ******** ******* to ****** ******* *** control ****** ***** *** receive ****** ********* ****** or ******** *********.

Impact ** *************

********' ***** ** ******* report *****, *** ******** ** high, **** ******* *************** including ************ ****** ** clear **** ***********, ** the ******* **** *** PoC *****:

***** ******** ** ** cameras, ***** *** ****** far **** ** ***** devices, ***** ******* *** generally **** ** ****** security ********** ***** ************ of **** *************** ***** be **** ***********.

Patch *** *************

***** **** ******** ******* can******** ******* ******** **** their ******* ****. *** ***** ******* ******** NetLink ******* ** ***** network, *** ********** *** ** downloaded ****, *** ** **** to ****** *** ***** upgrade ********.

Devices ********

*** ******* ******** ******* the NL2 *** *** ******* firmware ******** *.**, *.***-** and *.***-***.

Poor ******** ** ******** *************

****** ****** **** ******* attempts ** ******* *** before **** ******* *********. The ******** ***** ***** this **** **** ******** 2018 - ***** ****.

******** **, ****: ****** contacts ******** ******** **** VDOO **** *** ********, and **** ******* ** contact *** **** *** findings ******** ***** ** no *****.

******** **, ****: **** returns *** **** ** him ***** *** *** failed ** *******. **** the **** *** **** Bashis ******** ** ******* LSP *******, ***** **** ignored, ******* **** **** thought ** *** * phishing *******.

******** **, ****: ** a ***** ****** ** provide *** * ****** to ****** ***** ******** and ******* ****** ********** his ********, ****** ******* out ** ****. **** was **** ** *** in ***** ********** ***** and ******* **** **** Bashis.

***** * ****: *** firmware *** ******** *** provided ** ****** *** testing.

***** * ****: ****** confirmed *** ******** *** corrected.

*** ********* ****:

***** *********** ********** ***** was * ******* **** **** ** stating * ************* *** found ** ******* *** ** appeared ** **** **** a phishing email and so wasn’t ***** **. **** *** our *******.

**** ** ****** ***** of *** ******** ***** in ******** (*** **** Honovich ****** ** *****) we ***** ********** *** matter **** ***.

Improvements ********** *******

*** **** *** **** will ** **** ******** about ******** ********:

***** ******* *** *** and *** ********* **** will ** ****** ** *** ************* ******* *********, ** matter *** ******.

**** ****** ********* ************ in ***** ******** *********** process:

*** ***** *** ********** during ******** ***********. ** have ******** *** **** review **** * ***** security ****** *** **** plan ** ********** ********** external ***** ***** *******.

Default ******** *******

*** ******** ******* **** with ******* *********** ***** are ********** ** ** changed **** * ***-** message *** *** *** required ** ** *******. Due ** *** **** associated **** ******* ***********, they **** ********* ** ****************** ** ******* ****.

Response ** ******* ******** *****

*** ********** ** ***** allowance ** ******* *********:

*** ******* ******** ** ******** provided for ******* ***** *** testing ** *** ****** (common ******** ** *** industry). To ****** ***** ** setup ****** ********, ** ***** a “***” ******** **** *** default ******** ** *** ****** and ** ****** ** changed to * ******* ******** password ********** ** *** customer ** *** **********. *** warning ******* ******** ***** time ** ***** ** long ** *** ******** has *** **** ***** properly.  **** * ******** is ******* ** ** required ** **** * -14 ********* **** * mix ** *******, **** sensitive *******, *** ******* characters. We **** ******* * survey ***** *** ******** base *** *** ** we ****** **** *** Netlink ******** ***** ***** to ***** ****** ******** the ***** **** **** login. ********* ** *** survey *******, ** *** change *** ******** ** force ***** ** ****** the ******* ******** ***** their ***** *****.

****: ** ******** ***** it ***** '******** ********' in ****, ************ ********* have ********** *** ******* password, ******* ***** ** set * ******** ** first ***.

Device ********* *****

*********** ********* ************* *** ** ****, recommending ***** * ****** IP ******* ** * cybersecurity **********, ******* ***** alerts, *** ***** **** rather **** ***** ** you **** **** ******* is ******:

Reminder ** ******* *****

**** ** * **** reminder **** ** **** devices **** *** '******** of ******', *************, ***********, and ***** **** ** be ******** ***** ************* vulnerabilities. 

Comments (27)

"****** ****** **** ******* attempts ** ******* *** before **** ******* *********. The ******** ***** ***** this **** **** ******** 2018 - ***** ****."

******, **** *** **** difficult ** *********** ****.  Communications **** **** ******* are ****** ***-********, **** have ***** ******** ***** no ****** **** *** question...  *** **** **** too ****, ************ ** just ***** ********?

**** *** ******* ** their *********, *** *** to ***** ***-**************, *** only ****** **, "****"!

**** ****** **** *** message ** *****-*******. ********* basic ********* ********* ** *** switch ** ******** * manufacturer's ********. *** *******/******** prevention, ******** **********, ******** turned ***, ***** *********** all *** **** *******/******** exploitation, **** ** *** absence ** * ***.

***** ****** *** *** uniqie ** ***, **** is * ******** **** probelm **** *** *-***** better *** *** ** front ** ****** *** comes **** ** **** them ** *** **********. 

* ***** **** ** see ******** ** *** IPVM ********* ** *** who **** ****** ***** concerns ***** (****** *** pun) *** ********** ************ of *******.  * **** want ** **** **** LSP **** **** * cyber ********** *** **** curious *** **** ****** cyber ** #* ******* when ********** ********.

* ******** *** ******** but ***** *** ** are ******** *** ******* until ***** ** **** EIT/EIS ********** ** ******* pen-tesing **** ** ******* else ***** **** ************ or ***** *** *****.   I **** *** *** LSP **** *** ******* modular ** * *** use *** ******* *** and *** ** *** '"connectivity" ** * ***** date.

***** *** ** *** removing *** ******* ***** there ** **** ***/*** Evaluation ** ******* ***-****** dont ** ******* **** other **** ************ ** thier *** *****

*** ***** ** ****? 

** ******** *** "************ Piece" ** ****** ** to **** ** * non-technology ***** (********** **********) and ***** **** ** deploy *** *** ******* Solutions ** ******* ********** and *********** ****** *** enterprise (**** ***+ ********). 

**** ***/*** *** **** to ******** *** **** Test *** ******* *** approves ** ** * "Connected ******" **** * can *** **** ** the *** *** **** advantage ** *** *** monitoring *********.

** ** ***** (********* institutions) ********** ********** ** the **** ** *** game, ** ****** ********** requirements ******!  ** ** is "** *******" **** it ******* ******* ***********, long **** *** *** days ** **** ***** a ******/******** *** ** host ***** *******.

**** ****** ** **** for ******* ** ************ the ******* **** ***, its *** ***** *** last ******** *** **, and **** ****** ** LSP *** **** ******** and ******* ** ***** this ************ ** ****.

********** ***** ***** **** responsibility *** *** ************* found ** *** ********** Bashis.  ******* *** *** the ******** ***** ***** penetration ******* **** ********** had ********** **** ******* so ** ******* ***** that ** ***.

***** ********** **** ******, a ******** ***** *** done *** ******** ** him *** ************ ** operation. ****** ****** *** confirmed ******* (**** ***********) and ** ******** *** new ******** *** *****.

*** *** ***** *** reputation ** ******* *** response ** *** ********** which *** **** * key ****** ** *** growth ***** ***** *** beginnings.  ** ******* **** those ********** *** ******** to *** ***/*** ***** was ********, *********, *** acted **** ****** *** day ** ******** ************. Up ** **** *****, there *** **** *** email ** *** ******** of * ******* **** the ***/***. **** ***** sender *** ******* ** us, *** ** ******* identification, ** ***** ****** and ** *********** ******** affiliation *** *** ******* in * ****** **** did *** ****** ********. There ** ** ****** within *** ***** ** a ******* ********** ** VDOO *** ** **** never **** ******** ****, or *** ******* **** that *******.

*** **** ******* ***** uses *** **** “***************” (plural), ****** *** ********** that ***** *** ******** issues **** *** ****** but **** *** **** changes *** ******* ** “vulnerability” (********). “***************” ** misleading. *** ***** ** the *********** ******** ** not * ************* *** the ****** ** ******** request ** **** ****** to *** ** ****** for **-***** ***** *** configuration ******* *** **** to **** ******** ******** records ***** ** *** unit ***** ** **** and ****. **** *** be ******* ** ********* (or ****) ******* **.

**** ******** *** ******** in * ****** ****** LSP ** *** ********** involved ** ******** ********** such **** **** **** of ***** ** ********** and * ****** **** will ****** ** ************* queries ***** ********.

*** ********** ** ****** first *** ******** ** our **** *** ** will ****** **** ******** steps *** ********* ** uphold ** *** *** responsibility ** *** *********. 

**** *******

** ** ***** *** Marketing

********** *****

 

** *********** ********** #*...

*** **** **** ** highly ******* ** ******* and ******* ** **** comment **** *** ****"***** *** * ****** call"  ***** ****** *** ** character.  ** ** **** a *********** ******* *'* not ***** ** * would **** ** ********** that *** ******* **, so ****** ******* **. Direct **** (***) ***-****.

* **** ****** **** call.

*** **** ******* ***** uses *** **** “***************” (plural), ****** *** ********** that ***** *** ******** issues **** *** ******

***, ****'* ************* *** ***** ******** vulnerabilities(******), ** ************ *****:

** *** *** ** into *** ******* ** each ************* *** ****** of ***** *** ********* complexity *** ***** *** multiple ***************.

******* *** *** *** multiple ***** ***** *********** testing **** ********** *** identified **** ******* ** we ******* ***** **** he ***.

** *** *** ******* did *** ******* ****** code ******, **** ** is ******** *** ***** ever **** *************** **** this. ******** *** ******* tends ** ****** ***** on ******* *** ***** exploits *** ****** ****** like *** ********* ** form ************. 

** **** *** ******* included ****** **** *******, then *** ****** ******** ask *** * ****** (not ******** ***** *************** were **** ** ****, but * ****** **** should **** ***** ** least **** ** *** basics.

***** ********' *** *** devices **** **** ***** about **** *********** ***************...

*’* ***** **** *** fact **** ****** ** now ******* ***** ******** as * *********** **** that ** ******* *** have ******** ********.

** ****** *******, *’* an *****.

 

*****, * (************* *********) disclaimer -- ***** **** to ****** *** ******* this *************. * **** it **** * *** that * ***** *** that *** ************* ** the ***** ******* ** the ******** ******** ******** the ****** **** ** IPVM ********.

**** **** ****, ***** it's ************ **** **** a ************* ******* ** the *** ******* ** the ***** *****, ** I ** ************* ** correctly **** *** ******** versions ***** **** ************* was ********** *** *.* and *.**, **** ** another ******* ******* ** how ***********/********* ********** **** cyber ******* ** *** first ***** ***** ******** this ************* ** *** first *****. **** ******** release *****, ** ***** like *.** *** ******** in ******* ** ****, and *** **** *.* revision *** ** ******** of ****. * **** that *** ** **** were ******** ** *.** last *****.

***** ************ ** *********, but ************ * ********* check ** *** ******** revisions *** *** *******-********* devices ****** ** * bare ******* *********** ***** days. **** **** ****** to ** ** **** often, *** ****** ***** an **********-***** ******* ****** be **** ** ** quarterly ******* *** *****.

***** -- ***** ** all ******** *** ******* the *************, *** ** LSP *** (**********) ****** it.

** * ********, *** those *** *** **** LSP ** ************, *** literally **** ** ******* the ***** ****** ** just **** ****** *** luck. ****'** *** ** the *** ************* *'** dealt **** **** ******** respond ******* ****** ***** time * **** ******* them.

* ***** *** **** his ************* ** *** cyber ******* ** *** security ******** ******** *** entire **** ** **** combined.

****** ************* *** **** significant **** *** ****** industry ********. **'* ********** vulnerabilities ******,*****,*********,*******,***, ** **** **** a ***, **** *** made *** ******** *** more ***** ** ***** risks.

** *** *** **************, the **** **** **** though ** ***** **** 'bahis' *** ******** ** a **** ************* ** the ********* ** ************* issues ** **** ******** and ****, **** *************, their ******* ******** '******'***** ***** *** ******** prominent ********** ** *** work.

****, ******* ****** *** knowledge ** **** ******** Bashis **** ** ***** out ** ****, * would ******** ** ** the **** ***** ********* that ****** *** ******* was ********* *********** ** an ***** ******** ** that ** *** **** by * ***-***** ******** service ****** *** *********, either ******* **** *** no **** **** ** was ****** ** ******* they **** **** ** was **********. *****, *** the ****** ** *** world ** ****** ****, but * ***'* ***** it's ********** ** ****** to *** **** ******'* written ******* *** ********* come ****** ** *********** from ****** ** *** ******* King ** ******* ** ********* *******...** ********** intended, *** *'* **** saying...

****** ***, ** ***** is **** * ***** hope **** **** ******* doesn't ******* *** ** an ****** ******** ***** as "************" ** *** caring ***** ***** ******. My ********** -- *** obviously *** ********** ** others -- ** ******* the ******** ** **** regards, *** ****'* ******* evidenced ** *** ********** quick *** **** **** released **** **** ******** it *** *****.

** **** ** *** read ** * ***-***** customer ******* ****** *** discarded

****'* * **** *******. They ***** **** **** the ***** *** ***** vulnerabilities *** ** ***** that ****** *** *** name *****. ***** ** them ** **** *** not **** *** ****** is *** *** *** think ***** ******** ***, which ***** **** ****** and ******* ********* **** it ****** ** ** examined *******.

* ***'* ****** ***, I ***'* **** **** Olliver, ** * ** not ****** **** *** good ** *** *********, just **** ***** *********** for *** ********** ** the ************* *****(*) **** not **** **** ***** to **.

*) ***** ****** *** typically **** ********* (****** windows).

*) ** ** ********** that ****** ** ************ ** * *********** ******(*** ****** ***** *****) and ****(** ***** ****** ************).

*) **********, *** ********** clearly *** ******** ** all ***** **** ********* of *** ******, ***** by *** *** *****.

*) **** ** **** don’t ******* **, ***** hackers *** ***** ********* to ***** ***** ** gaffes.

*) ********* *** ** big ************ ***** ****** ********* dissonance ** *** ****** researcher, ** ** ************** feels ******** *********** ***** with *** ******* ** the ********* *********** ****-**.

********* *** *** ** the ********** ****** ****** ** ********** ** once ** ***** ** the ***************, ** ***** *****.

 

*** *** *** *** of *** *****, *** me ******* *** * bit **** **** ********* URL 

*****://***.********.***/****-******?*******=******

 

* ***** *********, **. w.

*** * * *****, my **** ** ******* "bashis" *** *** "******", however *'* *** ** sensitive ***** ****  ;)

*********:  ****** ** **** what *** ** *** a ****** ** ** this * *****?  *'* not ******* *** **** gets ********* ** *** I ***.  *** *** doing ********** **** *** I **** ***** ** some ****** ** **** for ***.

** ** **** ****, reward ** ******* **********.

** * *** *** is ******* ** *** for * ****** **** will ** ***** ** least ** ** *****, now * **** ** verify **** **** **** actually ***** *** *******. My **** *****.

* ***** ********* *** to **** **-** **** with ****** **, **** you “******” ** **.

*********** ******** ********* ** a *********** ******. ** yes ***'* **** ** verify **'* *** ****** version, *** *** ****** have ******* **** ******** the *******...

**** ** * ****** thing. **** *** ********* yet.

* ********** **** *** has **** **** ** Assa *****. ** *** think **** *** **** or ****** *** ******** with ********?

***** ***, *** *** post ** *** ****:**** ******** ********** *****.

** ** ********* ** be ******** ******* *** buy ***** ** ***** LSP ****** *********, *** it ** ***** ******** out **** **** **** week ****** * '***** ******** *******' ************* **** *** in ******.

*** ****** ********* *** responsibility ** ************* ** a ********** ***** ** people ****** **** ** likely ** ****** ** a *********** ***** ****** brands, ****** **** ********** be ******** *** ******** within * ***** ******* like ********** ***** *****.

*** *** * **** the "***** ******** ****** (HID5442)" **** ** **** Long *****. ***** ** not * *** *****, Mercury *** ***** ***** "we **** *****" ********* noise ;-)

Login to read this IPVM report.

Related Reports

Use Access Control Logs To Constrain Coronavirus on Apr 09, 2020
Access control users have included capabilities that are not commonly used...
Vulnerability Directory For Access Credentials on Feb 20, 2020
Knowing which access credentials are insecure can be difficult to see,...
Dynamic vs Static IP Addresses Tutorial on Apr 16, 2020
While many cameras default to DHCP out of the box, that does not mean you...
Milestone Presents XProtect On AWS on May 04, 2020
Milestone presented its XProtect on AWS offering at the April 2020 IPVM New...
Vehicle Gate Access Control Guide on Mar 19, 2020
Vehicle gate access control demands integrating various systems to keep...
Uniview Heat-Tracker Temperature Screening Series Examined on Apr 22, 2020
Uniview is marketing #UNVagainstCOVID19 with their Heat-Tracker series,...
China DVR/NVR Backdoor Discovered, Huawei Refutes on Feb 07, 2020
A backdoor was found in Chinese-produced DVRs and NVRs that secretly allowed...
BICSI For IP Video Surveillance Guide on Feb 11, 2020
Spend enough time around networks and eventually someone will mention BICSI,...
Clinton Public View Monitor (PVM) Mask Detection Tested on Jul 09, 2020
Face mask detection, or more specifically not wearing one, is expanding...
Dahua Critical Cloud Vulnerabilities on May 12, 2020
Dahua has acknowledged a series of cloud vulnerabilities that researcher...
Add Door Operators To Fight Coronavirus on Mar 31, 2020
IPVM recommends that integrators advocate and end-users consider adding door...
FLIR Markets Windows Temperature Screening, Violates IEC And Causes Performance Problems on Jul 17, 2020
FLIR, one of the largest thermal screening manufacturers, is marketing...
IPVM To Disrupt Trade Shows With Launch of Online Shows on Mar 17, 2020
IPVM is launching Online Shows, a series of ongoing events that allow sellers...
Help Security End Users Facing Coronavirus Improve Remote Access on Mar 24, 2020
Many end-users and integrators are struggling with the impact of coronavirus...
Convergint Coronavirus Cuts on Mar 25, 2020
One of the world's largest security integrators, Convergint, has made a major...

Recent Reports

Dangerous Hikvision Fever Camera Showcased by Chilean City on Aug 07, 2020
Deploying a fever camera outdoors, in the rain, with no black body, is...
"Grand Slam" For Pelco's PE Firm, A Risk For Motorola on Aug 07, 2020
The word "Pelco" and "grand slam" have not been said together for many years....
FLIR Stock Falls, Admits 'Decelerating' Demand For Temperature Screening on Aug 07, 2020
Is the boom going to bust for temperature screening? FLIR disappointed...
VSaaS Will Hurt Integrators on Aug 06, 2020
VSaaS will hurt integrators, there is no question about that. How much...
Dogs For Coronavirus Screening Examined on Aug 06, 2020
While thermal temperature screening is the surveillance industry's most...
ADT Slides Back, Disappointing Results, Poor Commercial Performance on Aug 06, 2020
While ADT had an incredible start to the week, driven by the Google...
AHJ / Authority Having Jurisdiction Tutorial on Aug 06, 2020
One of the most powerful yet often underappreciated characters in all of the...
SIA Coaches Sellers on NDAA 889B Blacklist Workarounds on Aug 05, 2020
Last month SIA demanded that NDAA 899B "must be delayed". Now that they have...
ADI Returns To Growth, Back To 'Pre-COVID Levels' on Aug 05, 2020
While ADI was hit hard in April, with revenue declining 21%, the company's...
Exposing Fever Tablet Suppliers and 40+ Relabelers on Aug 05, 2020
IPVM has found 40+ USA and EU companies relabeling fever tablets designed,...
Indian Government Restricts PRC Manufacturers From Public Projects on Aug 04, 2020
In a move that mirrors the U.S. government’s ban on Dahua and Hikvision...
Directory of 201 "Fever" Camera Suppliers on Aug 04, 2020
This directory provides a list of "Fever" scanning thermal camera providers...
Face Masks Increase Face Recognition Errors Says NIST on Aug 04, 2020
COVID-19 has led to widespread facemask use, which as IPVM testing has shown...
Dahua Loses Australian Medical Device Approval on Aug 04, 2020
Dahua has cancelled its medical device registration after "discussions" with...
Google Invests in ADT, ADT Stock Soars on Aug 03, 2020
Google has announced a $450 million investment in the Florida-based security...