Researchers disclose vulnerabilities in IP KVMs from four manufacturers


Researchers are warning about the risks posed by a low-cost device that could give insiders and hackers unusually wide powers to compromise networks.

The devices, which typically sell for $30 to $100, are known as IP KVMs. Administrators often use them to remotely access machines on the network. No larger than a deck of cards, the devices give access to a machine at the BIOS/UEFI level, the firmware that runs before the operating system is loaded.

They give administrators power and convenience, but in the wrong hands the same capabilities can undermine what would otherwise be a secure network. Risks arise when devices that are exposed to the Internet are deployed with weak security configurations, or when insiders connect them covertly. Firmware vulnerabilities also leave them open to remote takeover.

No exotic zero-days here

On Tuesday, researchers at security firm Eclypsium revealed a total of nine vulnerabilities in IP KVMs from four manufacturers. The most serious vulnerabilities allow unauthenticated hackers to gain root access to the devices or run malicious code on them.

“These are not exotic zero-days that require months of reverse engineering,” wrote Eclypsium researchers Paul Asdourian and Reynaldo Vasquez Garcia. “These are the fundamental security controls that any network device should implement. Input validation. Authentication. Cryptographic validation. Rate limiting. We’re looking at the same class of failures that plagued early IoT devices a decade ago, but now on a device class that provides the equivalent of physical access to everything that connects to it.”
