Saturday 13 December 2014

Hackable intercom lets you SPY on fellow apartment-dwellers

Kiwicon Kiwi hacker Caleb "alhazred" Anderson has popped a video intercom device that could have allowed him to spy on the 700 apartments in his building. The GrandStream GXV3175 intercom unit has been patched after Anderson - who by day serves as Context Information Security's lead consultant - began the attack while "inspired" by a hangover.
Caleb Anderson. By Darren Pauli
"I thought one day 'I bet I can hack that (the GXV3175) and get a feed into every one of the 700 apartments in my building'," Anderson told the Kiwicon hacker confab in Wellington today.
"The unit looks exactly normal, you can't see that it's hacked by looking at it."
Anderson found directory traversal and command injection flaws that, among other bugs, granted access to intercoms.
Anderson did not access any of the units in his apartment and merely demonstrated that the feat was possible.

No comments:

Post a Comment