LifeSafety Power NetLink Vulnerabilities And Problematic Response

By: John Scanlan, Published on May 20, 2019

'Power supplies' are not devices that many think about when considering vulnerabilities but as more and more devices go 'online', the risks for them need to be considered as well.

Indeed, Security researcher Bashis has discovered various vulnerabilities in LifeSafety Power NetLink devices.

LifeSafety Power NetLink Vulnerability1

IPVM spoke with both Bashis and executives at LifeSafety Power. Inside, we provide details on this vulnerability including:

  • Vulnerabilities overviewed
  • Devices affected
  • Impact of vulnerability
  • Why Life Safety Power failed to respond to multiple reports until IPVM intervened
  • What Life Safety Power says they are doing now to improve their cybersecurity process

Related, see IPVM's Cybersecurity Vulnerability Directory

'***** ********' *** *** devices **** **** ***** about **** *********** *************** but ** **** *** more ******* ** '******', the ***** *** **** need ** ** ********** as ****.

******, ******** **************** *** ********** ******* *************** in********** ***** ******* *******.

LifeSafety Power NetLink Vulnerability1

**** ***** **** **** Bashis *** ********** ************ *****. ******, ** ******* details ** **** ************* including:

  • *************** **********
  • ******* ********
  • ****** ** *************
  • *** **** ****** ***** failed ** ******* ** multiple ******* ***** **** intervened
  • **** **** ****** ***** says **** *** ***** now ** ******* ***** cybersecurity *******

*******, *** ****'************** ************* *********

[***************]

LifeSafety ***** ******* ************* ********

******* ******* *** **** with ****** ******** ******* to ****** ******* *** control ****** ***** *** receive ****** ********* ****** or ******** *********.

Impact ** *************

********' ***** ** ******* report *****, *** ******** ** high, **** ******* *************** including ************ ****** ** clear **** ***********, ** the ******* **** *** PoC *****:

***** ******** ** ** cameras, ***** *** ****** far **** ** ***** devices, ***** ******* *** generally **** ** ****** security ********** ***** ************ of **** *************** ***** be **** ***********.

Patch *** *************

***** **** ******** ******* can******** ******* ******** **** their ******* ****. *** ***** ******* ******** NetLink ******* ** ***** network, *** ********** *** ** downloaded ****, *** ** **** to ****** *** ***** upgrade ********.

Devices ********

*** ******* ******** ******* the NL2 *** *** ******* firmware ******** *.**, *.***-** and *.***-***.

Poor ******** ** ******** *************

****** ****** **** ******* attempts ** ******* *** before **** ******* *********. The ******** ***** ***** this **** **** ******** 2018 - ***** ****.

******** **, ****: ****** contacts ******** ******** **** VDOO **** *** ********, and **** ******* ** contact *** **** *** findings ******** ***** ** no *****.

******** **, ****: **** returns *** **** ** him ***** *** *** failed ** *******. **** the **** *** **** Bashis ******** ** ******* LSP *******, ***** **** ignored, ******* **** **** thought ** *** * phishing *******.

******** **, ****: ** a ***** ****** ** provide *** * ****** to ****** ***** ******** and ******* ****** ********** his ********, ****** ******* out ** ****. **** was **** ** *** in ***** ********** ***** and ******* **** **** Bashis.

***** * ****: *** firmware *** ******** *** provided ** ****** *** testing.

***** * ****: ****** confirmed *** ******** *** corrected.

*** ********* ****:

***** *********** ********** ***** was * ******* **** **** ** stating * ************* *** found ** ******* *** ** appeared ** **** **** a phishing email and so wasn’t ***** **. **** *** our *******.

**** ** ****** ***** of *** ******** ***** in ******** (*** **** Honovich ****** ** *****) we ***** ********** *** matter **** ***.

Improvements ********** *******

*** **** *** **** will ** **** ******** about ******** ********:

***** ******* *** *** and *** ********* **** will ** ****** ** *** ************* ******* *********, ** matter *** ******.

**** ****** ********* ************ in ***** ******** *********** process:

*** ***** *** ********** during ******** ***********. ** have ******** *** **** review **** * ***** security ****** *** **** plan ** ********** ********** external ***** ***** *******.

Default ******** *******

*** ******** ******* **** with ******* *********** ***** are ********** ** ** changed **** * ***-** message *** *** *** required ** ** *******. Due ** *** **** associated **** ******* ***********, they **** ********* ** ****************** ** ******* ****.

Response ** ******* ******** *****

*** ********** ** ***** allowance ** ******* *********:

*** ******* ******** ** ******** provided for ******* ***** *** testing ** *** ****** (common ******** ** *** industry). To ****** ***** ** setup ****** ********, ** ***** a “***” ******** **** *** default ******** ** *** ****** and ** ****** ** changed to * ******* ******** password ********** ** *** customer ** *** **********. *** warning ******* ******** ***** time ** ***** ** long ** *** ******** has *** **** ***** properly.  **** * ******** is ******* ** ** required ** **** * -14 ********* **** * mix ** *******, **** sensitive *******, *** ******* characters. We **** ******* * survey ***** *** ******** base *** *** ** we ****** **** *** Netlink ******** ***** ***** to ***** ****** ******** the ***** **** **** login. ********* ** *** survey *******, ** *** change *** ******** ** force ***** ** ****** the ******* ******** ***** their ***** *****.

****: ** ******** ***** it ***** '******** ********' in ****, ************ ********* have ********** *** ******* password, ******* ***** ** set * ******** ** first ***.

Device ********* *****

*********** ********* ************* *** ** ****, recommending ***** * ****** IP ******* ** * cybersecurity **********, ******* ***** alerts, *** ***** **** rather **** ***** ** you **** **** ******* is ******:

Reminder ** ******* *****

**** ** * **** reminder **** ** **** devices **** *** '******** of ******', *************, ***********, and ***** **** ** be ******** ***** ************* vulnerabilities. 

Comments (27)

Undisclosed Integrator #1

05/20/19 02:40pm

"****** ****** **** ******* attempts ** ******* *** before **** ******* *********. The ******** ***** ***** this **** **** ******** 2018 - ***** ****."

******, **** *** **** difficult ** *********** ****.  Communications **** **** ******* are ****** ***-********, **** have ***** ******** ***** no ****** **** *** question...  *** **** **** too ****, ************ ** just ***** ********?

**** *** ******* ** their *********, *** *** to ***** ***-**************, *** only ****** **, "****"!

Undisclosed Manufacturer #2

05/20/19 04:19pm

**** ****** **** *** message ** *****-*******. ********* basic ********* ********* ** *** switch ** ******** * manufacturer's ********. *** *******/******** prevention, ******** **********, ******** turned ***, ***** *********** all *** **** *******/******** exploitation, **** ** *** absence ** * ***.

Undisclosed End User #3

05/20/19 05:15pm

***** ****** *** *** uniqie ** ***, **** is * ******** **** probelm **** *** *-***** better *** *** ** front ** ****** *** comes **** ** **** them ** *** **********. 

* ***** **** ** see ******** ** *** IPVM ********* ** *** who **** ****** ***** concerns ***** (****** *** pun) *** ********** ************ of *******.  * **** want ** **** **** LSP **** **** * cyber ********** *** **** curious *** **** ****** cyber ** #* ******* when ********** ********.

* ******** *** ******** but ***** *** ** are ******** *** ******* until ***** ** **** EIT/EIS ********** ** ******* pen-tesing **** ** ******* else ***** **** ************ or ***** *** *****.   I **** *** *** LSP **** *** ******* modular ** * *** use *** ******* *** and *** ** *** '"connectivity" ** * ***** date.

John Honovich

IPVM | In reply to Undisclosed End User #3 | 05/20/19 05:46pm

***** *** ** *** removing *** ******* ***** there ** **** ***/*** Evaluation ** ******* ***-****** dont ** ******* **** other **** ************ ** thier *** *****

*** ***** ** ****? 

Undisclosed End User #3

In reply to John Honovich | 05/22/19 05:17pm

** ******** *** "************ Piece" ** ****** ** to **** ** * non-technology ***** (********** **********) and ***** **** ** deploy *** *** ******* Solutions ** ******* ********** and *********** ****** *** enterprise (**** ***+ ********). 

**** ***/*** *** **** to ******** *** **** Test *** ******* *** approves ** ** * "Connected ******" **** * can *** **** ** the *** *** **** advantage ** *** *** monitoring *********.

** ** ***** (********* institutions) ********** ********** ** the **** ** *** game, ** ****** ********** requirements ******!  ** ** is "** *******" **** it ******* ******* ***********, long **** *** *** days ** **** ***** a ******/******** *** ** host ***** *******.

bashis mcw

05/20/19 06:12pm

**** ****** ** **** for ******* ** ************ the ******* **** ***, its *** ***** *** last ******** *** **, and **** ****** ** LSP *** **** ******** and ******* ** ***** this ************ ** ****.

John Olliver

05/20/19 09:31pm

********** ***** ***** **** responsibility *** *** ************* found ** *** ********** Bashis.  ******* *** *** the ******** ***** ***** penetration ******* **** ********** had ********** **** ******* so ** ******* ***** that ** ***.

***** ********** **** ******, a ******** ***** *** done *** ******** ** him *** ************ ** operation. ****** ****** *** confirmed ******* (**** ***********) and ** ******** *** new ******** *** *****.

*** *** ***** *** reputation ** ******* *** response ** *** ********** which *** **** * key ****** ** *** growth ***** ***** *** beginnings.  ** ******* **** those ********** *** ******** to *** ***/*** ***** was ********, *********, *** acted **** ****** *** day ** ******** ************. Up ** **** *****, there *** **** *** email ** *** ******** of * ******* **** the ***/***. **** ***** sender *** ******* ** us, *** ** ******* identification, ** ***** ****** and ** *********** ******** affiliation *** *** ******* in * ****** **** did *** ****** ********. There ** ** ****** within *** ***** ** a ******* ********** ** VDOO *** ** **** never **** ******** ****, or *** ******* **** that *******.

*** **** ******* ***** uses *** **** “***************” (plural), ****** *** ********** that ***** *** ******** issues **** *** ****** but **** *** **** changes *** ******* ** “vulnerability” (********). “***************” ** misleading. *** ***** ** the *********** ******** ** not * ************* *** the ****** ** ******** request ** **** ****** to *** ** ****** for **-***** ***** *** configuration ******* *** **** to **** ******** ******** records ***** ** *** unit ***** ** **** and ****. **** *** be ******* ** ********* (or ****) ******* **.

**** ******** *** ******** in * ****** ****** LSP ** *** ********** involved ** ******** ********** such **** **** **** of ***** ** ********** and * ****** **** will ****** ** ************* queries ***** ********.

*** ********** ** ****** first *** ******** ** our **** *** ** will ****** **** ******** steps *** ********* ** uphold ** *** *** responsibility ** *** *********. 

**** *******

** ** ***** *** Marketing

********** *****

 

** *********** ********** #*...

*** **** **** ** highly ******* ** ******* and ******* ** **** comment **** *** ****"***** *** * ****** call"  ***** ****** *** ** character.  ** ** **** a *********** ******* *'* not ***** ** * would **** ** ********** that *** ******* **, so ****** ******* **. Direct **** (***) ***-****.

* **** ****** **** call.

John Honovich

IPVM | In reply to John Olliver | 05/20/19 09:38pm

*** **** ******* ***** uses *** **** “***************” (plural), ****** *** ********** that ***** *** ******** issues **** *** ******

***, ****'* ************* *** ***** ******** vulnerabilities(******), ** ************ *****:

** *** *** ** into *** ******* ** each ************* *** ****** of ***** *** ********* complexity *** ***** *** multiple ***************.

Undisclosed #4

In reply to John Olliver | 05/20/19 09:39pm

******* *** *** *** multiple ***** ***** *********** testing **** ********** *** identified **** ******* ** we ******* ***** **** he ***.

** *** *** ******* did *** ******* ****** code ******, **** ** is ******** *** ***** ever **** *************** **** this. ******** *** ******* tends ** ****** ***** on ******* *** ***** exploits *** ****** ****** like *** ********* ** form ************. 

** **** *** ******* included ****** **** *******, then *** ****** ******** ask *** * ****** (not ******** ***** *************** were **** ** ****, but * ****** **** should **** ***** ** least **** ** *** basics.

Undisclosed #5

05/21/19 01:49am

***** ********' *** *** devices **** **** ***** about **** *********** ***************...

*’* ***** **** *** fact **** ****** ** now ******* ***** ******** as * *********** **** that ** ******* *** have ******** ********.

** ****** *******, *’* an *****.

 

Undisclosed #6

05/21/19 07:49pm

*****, * (************* *********) disclaimer -- ***** **** to ****** *** ******* this *************. * **** it **** * *** that * ***** *** that *** ************* ** the ***** ******* ** the ******** ******** ******** the ****** **** ** IPVM ********.

**** **** ****, ***** it's ************ **** **** a ************* ******* ** the *** ******* ** the ***** *****, ** I ** ************* ** correctly **** *** ******** versions ***** **** ************* was ********** *** *.* and *.**, **** ** another ******* ******* ** how ***********/********* ********** **** cyber ******* ** *** first ***** ***** ******** this ************* ** *** first *****. **** ******** release *****, ** ***** like *.** *** ******** in ******* ** ****, and *** **** *.* revision *** ** ******** of ****. * **** that *** ** **** were ******** ** *.** last *****.

***** ************ ** *********, but ************ * ********* check ** *** ******** revisions *** *** *******-********* devices ****** ** * bare ******* *********** ***** days. **** **** ****** to ** ** **** often, *** ****** ***** an **********-***** ******* ****** be **** ** ** quarterly ******* *** *****.

***** -- ***** ** all ******** *** ******* the *************, *** ** LSP *** (**********) ****** it.

** * ********, *** those *** *** **** LSP ** ************, *** literally **** ** ******* the ***** ****** ** just **** ****** *** luck. ****'** *** ** the *** ************* *'** dealt **** **** ******** respond ******* ****** ***** time * **** ******* them.

John Honovich

IPVM | In reply to Undisclosed #6 | 05/21/19 08:40pm

* ***** *** **** his ************* ** *** cyber ******* ** *** security ******** ******** *** entire **** ** **** combined.

****** ************* *** **** significant **** *** ****** industry ********. **'* ********** vulnerabilities ******,*****,*********,*******,***, ** **** **** a ***, **** *** made *** ******** *** more ***** ** ***** risks.

** *** *** **************, the **** **** **** though ** ***** **** 'bahis' *** ******** ** a **** ************* ** the ********* ** ************* issues ** **** ******** and ****, **** *************, their ******* ******** '******'***** ***** *** ******** prominent ********** ** *** work.

Undisclosed #6

In reply to John Honovich | 05/21/19 11:39pm

****, ******* ****** *** knowledge ** **** ******** Bashis **** ** ***** out ** ****, * would ******** ** ** the **** ***** ********* that ****** *** ******* was ********* *********** ** an ***** ******** ** that ** *** **** by * ***-***** ******** service ****** *** *********, either ******* **** *** no **** **** ** was ****** ** ******* they **** **** ** was **********. *****, *** the ****** ** *** world ** ****** ****, but * ***'* ***** it's ********** ** ****** to *** **** ******'* written ******* *** ********* come ****** ** *********** from ****** ** *** ******* King ** ******* ** ********* *******...** ********** intended, *** *'* **** saying...

****** ***, ** ***** is **** * ***** hope **** **** ******* doesn't ******* *** ** an ****** ******** ***** as "************" ** *** caring ***** ***** ******. My ********** -- *** obviously *** ********** ** others -- ** ******* the ******** ** **** regards, *** ****'* ******* evidenced ** *** ********** quick *** **** **** released **** **** ******** it *** *****.

John Honovich

IPVM | In reply to Undisclosed #6 | 05/21/19 11:49pm

** **** ** *** read ** * ***-***** customer ******* ****** *** discarded

****'* * **** *******. They ***** **** **** the ***** *** ***** vulnerabilities *** ** ***** that ****** *** *** name *****. ***** ** them ** **** *** not **** *** ****** is *** *** *** think ***** ******** ***, which ***** **** ****** and ******* ********* **** it ****** ** ** examined *******.

* ***'* ****** ***, I ***'* **** **** Olliver, ** * ** not ****** **** *** good ** *** *********, just **** ***** *********** for *** ********** ** the ************* *****(*) **** not **** **** ***** to **.

Undisclosed #5

05/22/19 05:41am

*) ***** ****** *** typically **** ********* (****** windows).

*) ** ** ********** that ****** ** ************ ** * *********** ******(*** ****** ***** *****) and ****(** ***** ****** ************).

*) **********, *** ********** clearly *** ******** ** all ***** **** ********* of *** ******, ***** by *** *** *****.

*) **** ** **** don’t ******* **, ***** hackers *** ***** ********* to ***** ***** ** gaffes.

*) ********* *** ** big ************ ***** ****** ********* dissonance ** *** ****** researcher, ** ** ************** feels ******** *********** ***** with *** ******* ** the ********* *********** ****-**.

********* *** *** ** the ********** ****** ****** ** ********** ** once ** ***** ** the ***************, ** ***** *****.

 

bashis mcw

In reply to Undisclosed #5 | 05/22/19 05:26pm

*** *** *** *** of *** *****, *** me ******* *** * bit **** **** ********* URL 

*****://***.********.***/****-******?*******=******

 

Undisclosed #5

In reply to bashis mcw | 05/23/19 12:28am

* ***** *********, **. w.

bashis mcw

In reply to Undisclosed #5 | 06/06/19 06:57pm

*** * * *****, my **** ** ******* "bashis" *** *** "******", however *'* *** ** sensitive ***** ****  ;)

Undisclosed Integrator #7

05/24/19 03:00am

*********:  ****** ** **** what *** ** *** a ****** ** ** this * *****?  *'* not ******* *** **** gets ********* ** *** I ***.  *** *** doing ********** **** *** I **** ***** ** some ****** ** **** for ***.

bashis mcw

In reply to Undisclosed Integrator #7 | 05/24/19 07:39am

** ** **** ****, reward ** ******* **********.

Avatar

Scott Napier

08/26/19 05:09pm

** * *** *** is ******* ** *** for * ****** **** will ** ***** ** least ** ** *****, now * **** ** verify **** **** **** actually ***** *** *******. My **** *****.

bashis mcw

In reply to Scott Napier | 08/26/19 07:40pm

* ***** ********* *** to **** **-** **** with ****** **, **** you “******” ** **.

Rodney Thayer

Smithee Solutions LLC | In reply to Scott Napier | 08/26/19 08:45pm

*********** ******** ********* ** a *********** ******. ** yes ***'* **** ** verify **'* *** ****** version, *** *** ****** have ******* **** ******** the *******...

Avatar

Scott Napier

In reply to Rodney Thayer | 08/26/19 09:53pm

**** ** * ****** thing. **** *** ********* yet.

Jim Elder

09/11/19 03:46pm

* ********** **** *** has **** **** ** Assa *****. ** *** think **** *** **** or ****** *** ******** with ********?

Avatar

Brian Rhodes

IPVMU Certified | In reply to Jim Elder | 09/11/19 04:04pm

***** ***, *** *** post ** *** ****:**** ******** ********** *****.

** ** ********* ** be ******** ******* *** buy ***** ** ***** LSP ****** *********, *** it ** ***** ******** out **** **** **** week ****** * '***** ******** *******' ************* **** *** in ******.

*** ****** ********* *** responsibility ** ************* ** a ********** ***** ** people ****** **** ** likely ** ****** ** a *********** ***** ****** brands, ****** **** ********** be ******** *** ******** within * ***** ******* like ********** ***** *****.

Undisclosed #8

09/11/19 04:52pm

*** *** * **** the "***** ******** ****** (HID5442)" **** ** **** Long *****. ***** ** not * *** *****, Mercury *** ***** ***** "we **** *****" ********* noise ;-)

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports

China DVR/NVR Backdoor Discovered, Huawei Refutes on Feb 07, 2020
A backdoor was found in Chinese-produced DVRs and NVRs that secretly allowed access to the recorders. While it was first attributed to Huawei...
Dahua New Critical Vulnerability 2019 on Sep 23, 2019
Dahua has quietly admitted 5 new vulnerabilities including 1 critical vulnerability with a 9.8 / 10.0 CVSS score and 2 high vulnerabilities (scored...
Uniview OEM Directory on Sep 11, 2019
This directory lists 20+ companies that OEM products from Uniview, with a graphic and links to company websites below. It does not cover all...
ONVIF Exposure To "Devastating DDoS Attacks" Examined on Sep 06, 2019
ZDnet reported "Protocol used by 630,000 devices can be abused for devastating DDoS attacks", citing exposure of ONVIF devices. And after an...
Critical Vulnerability Across 18+ Network Switch Vendors: Cisco, Netgear, More on Aug 26, 2019
Cisco, Netgear and more than a dozen other brands, including small Asian ones, have been found to share the same critical vulnerability, discovered...
Dahua Wiretapping Vulnerability on Aug 02, 2019
IPVM has validated, with testing, and from Dahua, that many Dahua cameras have a wiretapping vulnerability. Even if the camera's audio has been...
Security Fail: ASISNYC Auto Emails Passwords In Plain Text on May 14, 2019
ASIS NYC automatically emails a user with the password the user just entered, in plain text, when one registers for the site / event, as the...
Subnetting for Video Surveillance on Apr 30, 2019
This guide explains when subnetting is used on security networks, and how it works. We explain how to add or remove IP addresses to your range,...
Verint Victimized By Ransomware on Apr 18, 2019
Verint, which is best known in the physical security industry for video surveillance but has built a sizeable cybersecurity business as well, was...
HTTPS / SSL Video Surveillance Usage Statistics on Apr 01, 2019
HTTPS / SSL / TLS usage has become commonplace for websites to improve security and, in particular, to help mitigate attackers reading or modifying...

Most Recent Industry Reports

USA ICI Elevated Skin Temperature Detectors Examined on Apr 06, 2020
Infrared Cameras, Inc. (ICI) is aiming to help slow the spread of COVID-19 with "pinpoint accurate skin temperature measurement" using their...
Trade Groups Request NDAA Blacklist Delay Citing Coronavirus on Apr 06, 2020
Two trade groups representing government contractors have asked Congress to delay implementation of the NDAA's 'blacklist' clause from this August...
Coronavirus Hits Manufacturers, Standing Now, Worse To Come on Apr 06, 2020
Coronavirus is hitting security manufacturers, though overall modestly for now, with worse expected to come, new IPVM survey results...
FLIR New Coronavirus Prioritized Temperature Screening Camera Examined on Apr 03, 2020
FLIR has announced a new series of thermal cameras "prioritized for entities working to mitigate the spread of COVID-19 virus", the A400/A700...
ADI Branch Burglary on Apr 03, 2020
A security systems distributor branch is an odd target for burglary but that happened this week at ADI's Memphis location. Vehicle Smash &...
Hikvision And Dahua Now Blocked From Conforming ONVIF Products on Apr 03, 2020
Dahua and Hikvision, sanctioned for human rights abuses, are now blocked from submitting products for ONVIF conformance, a blow to the mega China...
YCombinator AI Startup Visual One Tested on Apr 02, 2020
Startup Visual One, backed by Silicon Valley's powerful Y Combinator, aims to be "Your 24/7 Watchman" with advanced analytics and object...
Free IPVM Memberships For The Unemployed on Apr 02, 2020
IPVM is giving 3-month free memberships (regular price $99) for the unemployed, no questions asked. To get it, just contact us, your request...
Dahua Faked Coronavirus Camera Marketing on Apr 01, 2020
Dahua has conducted a coronavirus camera global marketing campaign centered around a faked detection. Now, Dahua has expanded this to the USA,...
Video Surveillance Trends 101 on Apr 01, 2020
This report examines major industry factors and how they could impact video surveillance in the next 5 - 10 years. This is part of our Video...