LifeSafety Power NetLink Vulnerabilities And Problematic Response

By John Scanlan, Published on May 20, 2019

'Power supplies' are not devices that many think about when considering vulnerabilities but as more and more devices go 'online', the risks for them need to be considered as well.

Indeed, Security researcher Bashis has discovered various vulnerabilities in LifeSafety Power NetLink devices.

LifeSafety Power NetLink Vulnerability1

IPVM spoke with both Bashis and executives at LifeSafety Power. Inside, we provide details on this vulnerability including:

Vulnerabilities overviewed
Devices affected
Impact of vulnerability
Why Life Safety Power failed to respond to multiple reports until IPVM intervened
What Life Safety Power says they are doing now to improve their cybersecurity process

Related, see IPVM's Cybersecurity Vulnerability Directory

LifeSafety ***** ******* ************* ********

******* ******* *** **** with ****** ******** ******* to ****** ******* *** control ****** ***** *** receive ****** ********* ****** or ******** *********.

Impact ** *************

********' ***** ** ******* report *****, *** ******** ** high, **** ******* *************** including ************ ****** ** clear **** ***********, ** the ******* **** *** PoC *****:

***** ******** ** ** cameras, ***** *** ****** far **** ** ***** devices, ***** ******* *** generally **** ** ****** security ********** ***** ************ of **** *************** ***** be **** ***********.

Patch *** *************

***** **** ******** ******* can******** ******* ******** **** their ******* ****. *** ***** ******* ******** NetLink ******* ** ***** network, *** ********** *** ** downloaded ****, *** ** **** to ****** *** ***** upgrade ********.

Devices ********

*** ******* ******** ******* the NL2 *** *** ******* firmware ******** *.**, *.***-** and *.***-***.

Poor ******** ** ******** *************

****** ****** **** ******* attempts ** ******* *** before **** ******* *********. The ******** ***** ***** this **** **** ******** 2018 - ***** ****.

******** **, ****: ****** contacts ******** ******** **** VDOO **** *** ********, and **** ******* ** contact *** **** *** findings ******** ***** ** no *****.

******** **, ****: **** returns *** **** ** him ***** *** *** failed ** *******. **** the **** *** **** Bashis ******** ** ******* LSP *******, ***** **** ignored, ******* **** **** thought ** *** * phishing *******.

******** **, ****: ** a ***** ****** ** provide *** * ****** to ****** ***** ******** and ******* ****** ********** his ********, ****** ******* out ** ****. **** was **** ** *** in ***** ********** ***** and ******* **** **** Bashis.

***** * ****: *** firmware *** ******** *** provided ** ****** *** testing.

***** * ****: ****** confirmed *** ******** *** corrected.

*** ********* ****:

***** *********** ********** ***** was * ******* **** **** ** stating * ************* *** found ** ******* *** ** appeared ** **** **** a phishing email and so wasn’t ***** **. **** *** our *******.
**** ** ****** ***** of *** ******** ***** in ******** (*** **** Honovich ****** ** *****) we ***** ********** *** matter **** ***.

Improvements ********** *******

*** **** *** **** will ** **** ******** about ******** ********:

***** ******* *** *** and *** ********* **** will ** ****** ** *** ************* ******* *********, ** matter *** ******.

**** ****** ********* ************ in ***** ******** *********** process:

*** ***** *** ********** during ******** ***********. ** have ******** *** **** review **** * ***** security ****** *** **** plan ** ********** ********** external ***** ***** *******.

Default ******** *******

*** ******** ******* **** with ******* *********** ***** are ********** ** ** changed **** * ***-** message *** *** *** required ** ** *******. Due ** *** **** associated **** ******* ***********, they **** ********* ** ****************** ** ******* ****.

Response ** ******* ******** *****

*** ********** ** ***** allowance ** ******* *********:

*** ******* ******** ** ******** provided for ******* ***** *** testing ** *** ****** (common ******** ** *** industry). To ****** ***** ** setup ****** ********, ** ***** a “***” ******** **** *** default ******** ** *** ****** and ** ****** ** changed to * ******* ******** password ********** ** *** customer ** *** **********. *** warning ******* ******** ***** time ** ***** ** long ** *** ******** has *** **** ***** properly. **** * ******** is ******* ** ** required ** **** * -14 ********* **** * mix ** *******, **** sensitive *******, *** ******* characters. We **** ******* * survey ***** *** ******** base *** *** ** we ****** **** *** Netlink ******** ***** ***** to ***** ****** ******** the ***** **** **** login. ********* ** *** survey *******, ** *** change *** ******** ** force ***** ** ****** the ******* ******** ***** their ***** *****.

****: ** ******** ***** it ***** '******** ********' in ****, ************ ********* have ********** *** ******* password, ******* ***** ** set * ******** ** first ***.

Device ********* *****

*********** ********* ************* *** ** ****, recommending ***** * ****** IP ******* ** * cybersecurity **********, ******* ***** alerts, *** ***** **** rather **** ***** ** you **** **** ******* is ******:

Reminder ** ******* *****

**** ** * **** reminder **** ** **** devices **** *** '******** of ******', *************, ***********, and ***** **** ** be ******** ***** ************* vulnerabilities.

Comments (27)

Undisclosed Integrator #1

05/20/19 02:40pm

"****** ****** **** ******* attempts ** ******* *** before **** ******* *********. The ******** ***** ***** this **** **** ******** 2018 - ***** ****."

******, **** *** **** difficult ** *********** ****. Communications **** **** ******* are ****** ***-********, **** have ***** ******** ***** no ****** **** *** question... *** **** **** too ****, ************ ** just ***** ********?

**** *** ******* ** their *********, *** *** to ***** ***-**************, *** only ****** **, "****"!

Undisclosed Manufacturer #2

05/20/19 04:19pm

**** ****** **** *** message ** *****-*******. ********* basic ********* ********* ** *** switch ** ******** * manufacturer's ********. *** *******/******** prevention, ******** **********, ******** turned ***, ***** *********** all *** **** *******/******** exploitation, **** ** *** absence ** * ***.

Undisclosed End User #3

05/20/19 05:15pm

***** ****** *** *** uniqie ** ***, **** is * ******** **** probelm **** *** *-***** better *** *** ** front ** ****** *** comes **** ** **** them ** *** **********.

* ***** **** ** see ******** ** *** IPVM ********* ** *** who **** ****** ***** concerns ***** (****** *** pun) *** ********** ************ of *******. * **** want ** **** **** LSP **** **** * cyber ********** *** **** curious *** **** ****** cyber ** #* ******* when ********** ********.

* ******** *** ******** but ***** *** ** are ******** *** ******* until ***** ** **** EIT/EIS ********** ** ******* pen-tesing **** ** ******* else ***** **** ************ or ***** *** *****. I **** *** *** LSP **** *** ******* modular ** * *** use *** ******* *** and *** ** *** '"connectivity" ** * ***** date.

John Honovich

IPVM | In reply to Undisclosed End User #3 | 05/20/19 05:46pm

***** *** ** *** removing *** ******* ***** there ** **** ***/*** Evaluation ** ******* ***-****** dont ** ******* **** other **** ************ ** thier *** *****

*** ***** ** ****?

Undisclosed End User #3

In reply to John Honovich | 05/22/19 05:17pm

** ******** *** "************ Piece" ** ****** ** to **** ** * non-technology ***** (********** **********) and ***** **** ** deploy *** *** ******* Solutions ** ******* ********** and *********** ****** *** enterprise (**** ***+ ********).

**** ***/*** *** **** to ******** *** **** Test *** ******* *** approves ** ** * "Connected ******" **** * can *** **** ** the *** *** **** advantage ** *** *** monitoring *********.

** ** ***** (********* institutions) ********** ********** ** the **** ** *** game, ** ****** ********** requirements ******! ** ** is "** *******" **** it ******* ******* ***********, long **** *** *** days ** **** ***** a ******/******** *** ** host ***** *******.

bashis mcw

05/20/19 06:12pm

**** ****** ** **** for ******* ** ************ the ******* **** ***, its *** ***** *** last ******** *** **, and **** ****** ** LSP *** **** ******** and ******* ** ***** this ************ ** ****.

John Olliver

05/20/19 09:31pm

********** ***** ***** **** responsibility *** *** ************* found ** *** ********** Bashis. ******* *** *** the ******** ***** ***** penetration ******* **** ********** had ********** **** ******* so ** ******* ***** that ** ***.

***** ********** **** ******, a ******** ***** *** done *** ******** ** him *** ************ ** operation. ****** ****** *** confirmed ******* (**** ***********) and ** ******** *** new ******** *** *****.

*** *** ***** *** reputation ** ******* *** response ** *** ********** which *** **** * key ****** ** *** growth ***** ***** *** beginnings. ** ******* **** those ********** *** ******** to *** ***/*** ***** was ********, *********, *** acted **** ****** *** day ** ******** ************. Up ** **** *****, there *** **** *** email ** *** ******** of * ******* **** the ***/***. **** ***** sender *** ******* ** us, *** ** ******* identification, ** ***** ****** and ** *********** ******** affiliation *** *** ******* in * ****** **** did *** ****** ********. There ** ** ****** within *** ***** ** a ******* ********** ** VDOO *** ** **** never **** ******** ****, or *** ******* **** that *******.

*** **** ******* ***** uses *** **** “***************” (plural), ****** *** ********** that ***** *** ******** issues **** *** ****** but **** *** **** changes *** ******* ** “vulnerability” (********). “***************” ** misleading. *** ***** ** the *********** ******** ** not * ************* *** the ****** ** ******** request ** **** ****** to *** ** ****** for **-***** ***** *** configuration ******* *** **** to **** ******** ******** records ***** ** *** unit ***** ** **** and ****. **** *** be ******* ** ********* (or ****) ******* **.

**** ******** *** ******** in * ****** ****** LSP ** *** ********** involved ** ******** ********** such **** **** **** of ***** ** ********** and * ****** **** will ****** ** ************* queries ***** ********.

*** ********** ** ****** first *** ******** ** our **** *** ** will ****** **** ******** steps *** ********* ** uphold ** *** *** responsibility ** *** *********.

**** *******

** ** ***** *** Marketing

********** *****

** *********** ********** #*...

*** **** **** ** highly ******* ** ******* and ******* ** **** comment **** *** ****"***** *** * ****** call" ***** ****** *** ** character. ** ** **** a *********** ******* *'* not ***** ** * would **** ** ********** that *** ******* **, so ****** ******* **. Direct **** (***) ***-****.

* **** ****** **** call.

John Honovich

IPVM | In reply to John Olliver | 05/20/19 09:38pm

*** **** ******* ***** uses *** **** “***************” (plural), ****** *** ********** that ***** *** ******** issues **** *** ******

***, ****'* ************* *** ***** ******** vulnerabilities(******), ** ************ *****:

** *** *** ** into *** ******* ** each ************* *** ****** of ***** *** ********* complexity *** ***** *** multiple ***************.

Undisclosed #4

In reply to John Olliver | 05/20/19 09:39pm

******* *** *** *** multiple ***** ***** *********** testing **** ********** *** identified **** ******* ** we ******* ***** **** he ***.

** *** *** ******* did *** ******* ****** code ******, **** ** is ******** *** ***** ever **** *************** **** this. ******** *** ******* tends ** ****** ***** on ******* *** ***** exploits *** ****** ****** like *** ********* ** form ************.

** **** *** ******* included ****** **** *******, then *** ****** ******** ask *** * ****** (not ******** ***** *************** were **** ** ****, but * ****** **** should **** ***** ** least **** ** *** basics.

Undisclosed #5

IPVMU Certified | 05/21/19 01:49am

***** ********' *** *** devices **** **** ***** about **** *********** ***************...

*’* ***** **** *** fact **** ****** ** now ******* ***** ******** as * *********** **** that ** ******* *** have ******** ********.

** ****** *******, *’* an *****.

Undisclosed #6

05/21/19 07:49pm

*****, * (************* *********) disclaimer -- ***** **** to ****** *** ******* this *************. * **** it **** * *** that * ***** *** that *** ************* ** the ***** ******* ** the ******** ******** ******** the ****** **** ** IPVM ********.

**** **** ****, ***** it's ************ **** **** a ************* ******* ** the *** ******* ** the ***** *****, ** I ** ************* ** correctly **** *** ******** versions ***** **** ************* was ********** *** *.* and *.**, **** ** another ******* ******* ** how ***********/********* ********** **** cyber ******* ** *** first ***** ***** ******** this ************* ** *** first *****. **** ******** release *****, ** ***** like *.** *** ******** in ******* ** ****, and *** **** *.* revision *** ** ******** of ****. * **** that *** ** **** were ******** ** *.** last *****.

***** ************ ** *********, but ************ * ********* check ** *** ******** revisions *** *** *******-********* devices ****** ** * bare ******* *********** ***** days. **** **** ****** to ** ** **** often, *** ****** ***** an **********-***** ******* ****** be **** ** ** quarterly ******* *** *****.

***** -- ***** ** all ******** *** ******* the *************, *** ** LSP *** (**********) ****** it.

** * ********, *** those *** *** **** LSP ** ************, *** literally **** ** ******* the ***** ****** ** just **** ****** *** luck. ****'** *** ** the *** ************* *'** dealt **** **** ******** respond ******* ****** ***** time * **** ******* them.

John Honovich

IPVM | In reply to Undisclosed #6 | 05/21/19 08:40pm

* ***** *** **** his ************* ** *** cyber ******* ** *** security ******** ******** *** entire **** ** **** combined.

****** ************* *** **** significant **** *** ****** industry ********. **'* ********** vulnerabilities ******,*****,*********,*******,***, ** **** **** a ***, **** *** made *** ******** *** more ***** ** ***** risks.

** *** *** **************, the **** **** **** though ** ***** **** 'bahis' *** ******** ** a **** ************* ** the ********* ** ************* issues ** **** ******** and ****, **** *************, their ******* ******** '******'***** ***** *** ******** prominent ********** ** *** work.

Undisclosed #6

In reply to John Honovich | 05/21/19 11:39pm

****, ******* ****** *** knowledge ** **** ******** Bashis **** ** ***** out ** ****, * would ******** ** ** the **** ***** ********* that ****** *** ******* was ********* *********** ** an ***** ******** ** that ** *** **** by * ***-***** ******** service ****** *** *********, either ******* **** *** no **** **** ** was ****** ** ******* they **** **** ** was **********. *****, *** the ****** ** *** world ** ****** ****, but * ***'* ***** it's ********** ** ****** to *** **** ******'* written ******* *** ********* come ****** ** *********** from ****** ** *** ******* King ** ******* ** ********* *******...** ********** intended, *** *'* **** saying...

****** ***, ** ***** is **** * ***** hope **** **** ******* doesn't ******* *** ** an ****** ******** ***** as "************" ** *** caring ***** ***** ******. My ********** -- *** obviously *** ********** ** others -- ** ******* the ******** ** **** regards, *** ****'* ******* evidenced ** *** ********** quick *** **** **** released **** **** ******** it *** *****.

John Honovich

IPVM | In reply to Undisclosed #6 | 05/21/19 11:49pm

** **** ** *** read ** * ***-***** customer ******* ****** *** discarded

****'* * **** *******. They ***** **** **** the ***** *** ***** vulnerabilities *** ** ***** that ****** *** *** name *****. ***** ** them ** **** *** not **** *** ****** is *** *** *** think ***** ******** ***, which ***** **** ****** and ******* ********* **** it ****** ** ** examined *******.

* ***'* ****** ***, I ***'* **** **** Olliver, ** * ** not ****** **** *** good ** *** *********, just **** ***** *********** for *** ********** ** the ************* *****(*) **** not **** **** ***** to **.

Undisclosed #5

IPVMU Certified | 05/22/19 05:41am

*) ***** ****** *** typically **** ********* (****** windows).

*) ** ** ********** that ****** ** ************ ** * *********** ******(*** ****** ***** *****) and ****(** ***** ****** ************).

*) **********, *** ********** clearly *** ******** ** all ***** **** ********* of *** ******, ***** by *** *** *****.

*) **** ** **** don’t ******* **, ***** hackers *** ***** ********* to ***** ***** ** gaffes.

*) ********* *** ** big ************ ***** ****** ********* dissonance ** *** ****** researcher, ** ** ************** feels ******** *********** ***** with *** ******* ** the ********* *********** ****-**.

********* *** *** ** the ********** ****** ****** ** ********** ** once ** ***** ** the ***************, ** ***** *****.

bashis mcw

In reply to Undisclosed #5 | 05/22/19 05:26pm

*** *** *** *** of *** *****, *** me ******* *** * bit **** **** ********* URL

*****://***.********.***/****-******?*******=******

Undisclosed #5

IPVMU Certified | In reply to bashis mcw | 05/23/19 12:28am

* ***** *********, **. w.

bashis mcw

In reply to Undisclosed #5 | 06/06/19 06:57pm

*** * * *****, my **** ** ******* "bashis" *** *** "******", however *'* *** ** sensitive ***** **** ;)

Undisclosed #7

05/24/19 03:00am

*********: ****** ** **** what *** ** *** a ****** ** ** this * *****? *'* not ******* *** **** gets ********* ** *** I ***. *** *** doing ********** **** *** I **** ***** ** some ****** ** **** for ***.

bashis mcw

In reply to Undisclosed #7 | 05/24/19 07:39am

** ** **** ****, reward ** ******* **********.

Scott Napier

08/26/19 05:09pm

** * *** *** is ******* ** *** for * ****** **** will ** ***** ** least ** ** *****, now * **** ** verify **** **** **** actually ***** *** *******. My **** *****.

bashis mcw

In reply to Scott Napier | 08/26/19 07:40pm

* ***** ********* *** to **** **-** **** with ****** **, **** you “******” ** **.

Undisclosed

In reply to Scott Napier | 08/26/19 08:45pm

*********** ******** ********* ** a *********** ******. ** yes ***'* **** ** verify **'* *** ****** version, *** *** ****** have ******* **** ******** the *******...

Scott Napier

In reply to Undisclosed | 08/26/19 09:53pm

**** ** * ****** thing. **** *** ********* yet.

Jim Elder

09/11/19 03:46pm

* ********** **** *** has **** **** ** Assa *****. ** *** think **** *** **** or ****** *** ******** with ********?

Brian Rhodes

IPVMU Certified | In reply to Jim Elder | 09/11/19 04:04pm

***** ***, *** *** post ** *** ****:**** ******** ********** *****.

** ** ********* ** be ******** ******* *** buy ***** ** ***** LSP ****** *********, *** it ** ***** ******** out **** **** **** week ****** * '***** ******** *******' ************* **** *** in ******.

*** ****** ********* *** responsibility ** ************* ** a ********** ***** ** people ****** **** ** likely ** ****** ** a *********** ***** ****** brands, ****** **** ********** be ******** *** ******** within * ***** ******* like ********** ***** *****.

Undisclosed

09/11/19 04:52pm

*** *** * **** the "***** ******** ****** (HID5442)" **** ** **** Long *****. ***** ** not * *** *****, Mercury *** ***** ***** "we **** *****" ********* noise ;-)

Read this IPVM report for free.

This article is part of IPVM's 6,592 reports, 889 tests and is only available to members. To get a one-time preview of our work, enter your work email to access the full article.