Google Found Software House Vulnerability Allows Inside Attacker To Open Doors

Author: IPVM Team, Published on Sep 04, 2018

A vulnerability in Software House IP-ACM modules allows an attacker to potentially unlock doors, or perform other actions, on affected systems. Many affected systems are unable to fixed with a software patch, requiring hardware replacement instead.

IPVM spoke with Software House executives to get more details on this exploit, in this report we provide an assessment of the risk in vulnerable systems, and what Software House recommends for affected users.

[Note: this post was first published in January 2018 but was updated in September 2018 when it was disclosed that a Google employee discovered the vulnerability, making it mainstream news.]

************** ** ******** ***** **-*** ************* ** ******** ** *********** ****** *****, ** ******* ***** actions, ** ******** *******. **** ******** ******* *** ****** ** fixed **** * ******** *****, ********* ******** *********** *******.

**** ***** **** ******** ***** ********** ** *** **** ******* on **** *******, ** **** ****** ** ******* ** ********** of *** **** ** ********** *******, *** **** ******** ***** recommends *** ******** *****.

[****: **** **** *** ***** ********* ** ******* **** *** was ******* ** ********* **** **** ** *** ********* **** a ****** ******** ********** *** *************, ****** ** ********** ****.]

[***************]

Vulnerability ******** - *** *********** *********

****** *** *** ****** *** ************* ** ** *** ***** Ultra ******, ******** ***** ****** **** ****** ****** ** *** where *** ************* ****. *******, *****-*** ******** **** ******** *** ****** ********* ********.

***** ** *** *** ******* ********** ******* *** **-*** **** module *** *** ***** ***** ******* ********** ** *******, ** attacker *** ***** ****** ** *** ******* ******* *** ******* could ******* ******* ******* ** * ******** ******* (**** ** a **** **** *******), *** **** ***** ****** ***** ******* on *** ******* ** ***** *** **** ** **** ** will.

*** *** ******* **** ************* ***** ***** ******* ****** ****** that *** ******* **** *** **-*** ** ***** ***** ************** is *** ********** ** ********* *********. *** *******, ****** ***** on ******** ******** **** ******* ****** ** ********, *** **** security ******** **** ** *** ******* ******* ****** ** *****.

*** ********* ******* ***** *** * ******* ******* ***** ** iStar ***** *** **-*** **** ******* ***** ** ***********:

Replay ****** ******

** * ****** ******, ** ******** ******** ******* **** * program ******** *** ******* ********** (*.*.:*********), *** **** ******* ***** **** ******* ** *** *******, with *** ****** ***** ******* ********* ********* **** ** ********, and ****** ** **** ** ** **** **** **** ** the ******** ******. ****** ******* *** ***** **** **** ************** are *********, ******* *** ******** **** *** **** ** **** the ******** **** ********* ** *** *******, **** *** ******** outcome ** *** ****** ********* **** (*.*.: * ****** ** packets **** **** "**** **** ****", ** "***** **** ****'* password").

****** ******* *** ** ********* ** ***** *** **** ******* encryption, *** **** * ****** *** ** ******* ** *** each ******* ********. *********, ** ** ******** ******* * ******** with ** **/*** **** *** ******* **** ****, *** ******** will **** ** ****** **. *******, ***** **** ******* *** ability ** *** ****** *******, ** ***** ******** **** ********* and ***** ************ ********* (**** ** ***** ******* * **** controller *** ** ****** ******* ******) **** *******.

Current **-**** *** ***********

****** **** ************* ******** ******** ************ **** *** **-*** ** cannot *******, *** ** **** ** ****** *** ********** *********. JCI ** ** *** ******* ** ********* ** **-*** ** module **** ********* ********* ** *********** ******* ********. ********* **** need ** **** *** ** **-*** ***** *** ** ***** if **** **** ** ****** **** *************. *** ****** ********* wishing ** ****** *** ***** *********** ****** ******* ***** ********** and ******** ***** ******* ********* *** ********** ******* *** ***********.

Low **** / ******** **********

************ ********** **** ************* ******** ****** ** *** ******** ******* between *** **-*** *** ***** ***** ** ******* ******* ** be ******** *****. **** ***** ********* ******* ****** ****** ** a ********** **** ** *** ******, ** **-**** ***, ** other ****** **** ******** **** **** **** * ** ** the **** *******, *** ***** ** ************* ********** ** ******* remotely *** * *** ** ****-********** *****. **** ******* *** chances ** ******* *******, *** ****** ** ** **** ** an ******* ******.

******* *** ****** ****** ** ****** ** ******* ******* **** the *******, *** ******* **** ** ******* ** ***. ***** this **** *** **** **** ******** ******* ****** ** *******, it **** ****** *** ****** ******* *** **** ** ********* attackers ************ ****** **** ********* ****** *** ****** ***** ***** will ***** ***** ******** ******** ** *******.

Comments (8)

Undisclosed Integrator #1

01/17/18 02:47pm

**** **-***** *** *********** ******* *** ** *** *** ********** between ** **** *********** *** *** **** ********/****** **********. ** this ******* ****** **** ******** ***** **** *** **** ***/*** bit ********** ***** **** ***** ************* ********? *** ********** ** master ************* ** **** ****** * *********** ******** (***** ***** it ******** **** ***** ** * **** ******), *** ** not **** **** ** ******** ******* ***** ** ********** *** can ** *** ** *** ** **** *********** ** *** so ****.

*** ** **** ******** ** **** ************** **** *** **** spec *** ****** ******* ******* **** ** ********** **********?

Avatar

Brian Karas

IPVM | In reply to Undisclosed Integrator #1 | 01/17/18 02:59pm

***, *** ********** ******* *** ******* ** *********.

********* ************** ** *** ******* ****** *******, **** **** ******* the ******** **** ******* *** ******** ********. *** **** ** do ********** ****** **** ****** ******* **'* ** *** ******** to ******* ****** *******. * ***** ** ***** **** ** the "****** ****** ******" *******, ******* ******* *** **** **** the *******.

***** ** ** **** ****, * *** ***** *** ** ask "***** ** *** ********" ** ********. *** ***** *** understand *** ******** ***** (********* ** * ****** **** ** encryption), *** *** ***** **** **** ****** *** "******" ** asking "***** ** *** ********" ** * ******** ****** ***** cause **** ** ***** *** ** *** ********. *** ** not ***** ********** *** ******** (********), *** *** *** ****** phrases ** *** * ******* *******.

********* ** *** ***** *******, ** *** ****** ** ******* someone **** ***** * "******" ** ***** **** ****, *** would *** ********** *********** ** *** ******, **** "***** ** the ********. **** ** ******* #*". *** ****** *** ***** would **** ********* ** ******** **** *** ******* **** ******* #1, *** ** ** **** ***** ****** ** ****** **** query, ******* **** ** *** **** ****** * **** ** duplicate. ****** *** ****** ******* ** ******** *** **** ****** an ************ ******* *** ******* * ********.

Avatar

Michael Gonzalez

In reply to Brian Karas | 01/17/18 07:51pm

*************, *** *** **** **** *** *** *** ** *** generation ** * *** ******* ****** ******* ** *** ******* bandwagon. ****'* ********* *** * ******** ***** ********** *** ********. Glad * **** **** ****** ***...

Undisclosed Integrator #4

In reply to Michael Gonzalez | 09/04/18 10:54pm

**** *********** * *** ***********. *********** *** *** ***** *** often ********* **** *******, ** *** **** (*************) *** *** privilege ** ***** ****...

Randy Lines

01/18/18 05:28pm

**** ** ***** ** *********** *** ** ** ****** ****! I **** ******* ***** ***** ** * ******* ** ** time ***** ** ***** ********* *******. *** ***** **** ******* the **** ** **** ** ** *** ************** ** ********** not *** **** ***** *** **** ** *************** ****.

***** *******!

Undisclosed #2

09/03/18 07:44pm

**** **** ******: *****://***.******.***/*****/**************/****/**/**/*******-*****-******-****-****-**-***-********

*** *** ***** *****'* ******* **** **** ******* **** ** be ********.

Undisclosed #3

In reply to Undisclosed #2 | 09/04/18 12:26am

**** *** ****** *****:

"********* **** ******** ***** *** **** ** **** ********* ** fix *** *******, ****** ** ****** ** ***, **’* ******* a ****** ** ******** ** *** ******** ****. ****’* ******* the ******** ***** ******* ****’* **** ****** ****** ** **** with *** ************ ** *** ********, ********* ****."

Undisclosed #2

In reply to Undisclosed #3 | 09/04/18 12:42am

****

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Most Recent Industry Reports

From The Basement To Buried Behind Chinatown: ISC West Emerging Technology Zone on Feb 22, 2019
What does ISC West think about 'Emerging Technology'? Well, last year, they put those companies in the basement. This year, they moved them up to...
Private School IT Manager Surveillance Interview on Feb 22, 2019
This IT manager describes himself as the "oft-maligned IT person" whose "opinions may not always be appreciated by the integrator crowd." But he is...
Outdoor Camera Mounting Hardware Guide on Feb 21, 2019
Mounting cameras outdoors can be challenging, requiring understanding different types of equipment and methods. In this guide, we teach this...
HID Favorability Results 2019 on Feb 21, 2019
HID favorability results were strong, in the 2019 IPVM integrator study of 200+ integrators, with a net +62% and low negativity as the table below...
First US State, Vermont, Bans Dahua and Hikvision on Feb 21, 2019
The first US state, Vermont, has issued a ban on a number of Chinese and Russian manufacturers including the world's 2 largest video surveillance...
ADI 'SAVE BIG' On FLIR And Hikvision Examined on Feb 20, 2019
One is a major US defense supplier. The other is owned by the Chinese government. But you can "SAVE BIG" on both at ADI. In this note, we...
BluB0x Company Profile on Feb 20, 2019
BluB0x has doubled in revenue every year since its founding in 2013, according to CEO Patrick Barry. We originally reported on them in 2015. At the...
Massive Leak Of Chinese VMS Provider Exposes Xinjiang Surveillance on Feb 20, 2019
A subsidiary of China’s claimed largest VMS provider is tracking the precise location and ethnicity of millions in China’s Xinjiang region,...
Security Installation Tools Guide - 22 Tools Listed on Feb 19, 2019
In this guide, we cover 22 tools that security installers frequently use. This is one part of our upcoming Video Surveillance...
Sales Cuts At Rasilient on Feb 19, 2019
Over the past 2 years, video surveillance storage specialist Rasilient has expanded its workforce significantly, aiming to build its own branded...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact