Researchers disclose vulnerabilities in IP KVMs from 4 manufacturers

Researchers are warning about the risks posed by a low-cost device that can give insiders and attackers unusually broad powers to compromise networks.

The devices, which usually sell for $30 to $100, are generally known as IP KVMs. Administrators often use them to remotely access machines on their networks. The devices, not much larger than a deck of cards, allow machines to be accessed at the BIOS/UEFI level, the firmware that runs before the operating system loads.

This gives admins power and convenience, but in the wrong hands the same capabilities can torpedo what might otherwise be a secure network. Risks arise when the devices, which are often exposed to the Internet, are deployed with weak security configurations or are surreptitiously connected to by insiders. Firmware vulnerabilities also leave them open to remote takeover.

No exotic zero-days here

On Tuesday, researchers from security firm Eclypsium disclosed a total of nine vulnerabilities in IP KVMs from four manufacturers. The most severe flaws allow unauthenticated attackers to gain root access or run malicious code on the devices.

“These are not exotic zero-days requiring months of reverse engineering,” Eclypsium researchers Paul Asadoorian and Reynaldo Vasquez Garcia wrote. “These are fundamental security controls that any networked device should implement. Input validation. Authentication. Cryptographic verification. Rate limiting. We’re seeing the same class of failures that plagued early IoT devices a decade ago, but now on a device class that gives the equivalent of physical access to everything it connects to.”
