The advancement in technology offers not only convenience but also security, safety, and protection in our modern lives. One of these advancements is the Smart Building Access Systems. However, a new report claims that it is now the favorite subject of attackers for launching DDoS attacks.
On May 2019, Applied Risk, a cybersecurity firm that specializes in industrial security services published a report based on its research titled "Nortek Linear eMerge E3-Series 1.00-06 Multiple Vulnerabilities." According to the report, hackers can obtain default passwords and determine internet-connected target systems quickly. It is because passwords are in the product documentation, and its compiled lists are accessible on the Internet.
Hackers easily identify exposed systems by utilizing engines like Shodan. The report aligns with that of SonicWall. The report states that attackers are using the Internet to hijack smart door or building access control systems. Attackers use this to launch their DDoS attacks.
Nortek Security & Control's Linear eMerge E3 is one of the victims of this current attacks. This product is installed in corporate headquarters, industrial parks, and factories. One of the major functions of this kind of product is to control the rooms and doors visitors and employees access given their access codes or smart cards.
On Nov. 2019, Applied Risk released the proof of concept exploit code, which it calls CVE-2019-7256. In a separate report released by SonicWall last week, researchers claim that attackers are using the Internet for exposed NSC Linear eMerge E3 devices. They then exploit one of the ten vulnerabilities to launch their attacks.
The vulnerability these hackers are exploiting is CVE-2019-7256. Applied Risk describes it as a command implant vulnerability. In other words, attackers could remotely deploy attacks, which even a lowly attacker could do. The report adds that the vulnerability can be remotely triggered because the PHP input used by the user is not cleared.
Hackers can deploy arbitrary commands with the highest level of privilege, according to Sonic Wall's report. Attackers used the CVE-2019-7256 vulnerability to take over the device. After the hackers download and install the malware, they could easily execute a DDoS attack on several other targets.
The first attack was reported last Jan. 09, 2020, courtesy of Bad Packages. Since then, attacks have continued with no report of potential fix from the company. As per SonicWall, these attacks are aggressively launched by hackers considering tens of thousands of attacks happen every day in over 100 countries all over the world. The US is the most heavily attacked country, according to the report.
