Researchers disclose vulnerabilities in IP KVMs from 4 manufacturers

Researchers are warning about the risks posed by a low-cost device that can give insiders and hackers unusually broad powers to compromise networks.

The devices, which usually sell for $30 to $100, are often called IP KVMs. Administrators often use them to remotely access machines on networks. The devices, not much larger than a deck of cards, allow the machines to be accessed at the BIOS/UEFI level, the firmware that runs before the operating system loads.

This provides power and convenience to admins, but in the wrong hands, the same capabilities can torpedo what might otherwise be a secure network. Risks arise when the devices are exposed to the Internet with weak security configurations, or when insiders connect to them surreptitiously. Firmware vulnerabilities also leave them open to remote takeover.

No exotic zero-days here

On Tuesday, researchers from security firm Eclypsium disclosed a total of nine vulnerabilities in IP KVMs from four manufacturers. The most severe flaws allow unauthenticated hackers to gain root access or run malicious code on the devices.

“These are not exotic zero-days requiring months of reverse engineering,” Eclypsium researchers Paul Asadoorian and Reynaldo Vasquez Garcia wrote. “These are fundamental security controls that any networked device should implement. Input validation. Authentication. Cryptographic verification. Rate limiting. We’re looking at the same class of failures that plagued early IoT devices a decade ago, but now on a device class that provides the equivalent of physical access to everything it connects to.”
