Several glaring vulnerabilities affecting the Stem Audio Table conference room speaker could be exploited by attackers to listen to what is being discussed nearby, download malware, achieve and maintain network persistence, and more have been discovered GRIMM researchers.
Stem Audio Table conference room speaker vulnerabilities
CVE numbers have not yet been assigned, but the vulnerabilities found include:
- Stack buffer overflow and command injection flaws that could allow attackers to execute arbitrary code as root on the device
- Bugs that could be exploited to bypass the (weak) authentication mechanism to access the web GUI, find out the current password, and control the device
- Improper use of encryption in the communication between the STEM Audio Table device and the Web GUI
- unsigned update packages (tarballs)
These are present in versions 2.0.0 and 2.0.1 of the device firmware.
“VoIP devices like the STEM audio table are essentially microphones connected to the network. Their compromise, through the described RCE vulnerabilities, could allow attackers to passively eavesdrop on nearby conversations and quietly maintain network persistence, ”the researchers explained.
“Such a foothold within an organization provides a stable position for other network operations, data collection and monitoring from a device that is unlikely to attract much attention. Without proper isolation of devices on the network, collected data can easily be exfiltrated over the internet to attackers. “
The vulnerabilities that allow access to the control interface can be used to render the device temporarily unusable or to collect the device administrator password. The fact that the device does not check the signatures of the updates served means that attackers can easily provide malicious updates.
“Although GRIMM did not analyze all of the services running on the Stem Audio Table device, it was noted that all of the observed services were running under the root user. The impact of this design decision is that any other exploitable vulnerability within these services could provide attackers with root privileges, ”they noted.
A sign of a larger problem
While Shure, Stem’s parent company, has responded quickly and pushed for necessary security updates, it’s unfortunate that they introduced these vulnerabilities in the first place.
It is also unfortunate that these vulnerabilities and design flaws are, according to the researchers, common in other network video conferencing devices throughout the computer hardware industry (VoIP phones, network connected cameras, other devices ” intelligent ”).
“This is a case study showing the risk inherent in modern video conferencing devices and why these types of products should undergo a certain level of security review prior to purchase,” Adam Nichols , security researcher at GRIMM. underline.
And if you are okay with the worst case scenario, like a microphone secretly listening in at all times, then don’t make any effort to think about it. It is a completely legitimate option. But whatever you do, make it a conscious decision.
And always test your hypotheses.
– Adam (@ AdamOfDc949) June 9, 2021
He advises companies to audit devices before deploying them within the corporate infrastructure, to implement appropriate network isolation, to research how the company treats security (for example, to consult the advisories of security) and search for blog posts from security researchers who have previously investigated the product.