Feeds

Spy platform zero day exposes cops' wiretapped calls

Laundry list of fail includes backdoor, remote unauth access to intercept box

Remote control for virtualized desktops

National security boosters have just taken a kick to the ego, with revelations that hackers can access exactly the kind of wiretap kit they believe should be deployed in every ISP and telco around the world.

The zero-day that's turned up in kit from New Jersey outfit NICE would give attackers access to wiretapped voice recordings along with names and email addresses for suspects monitored by police.

The flaws affect the NICE's Recording eXpress voice recording product, which targets police and law enforcement agencies.

Prolific fail flaunter, SEC Consult Vulnerability Lab, quietly disclosed nine flaws to NICE and went public after five holes remained unpatched nearly six months after being reported.

The flaws included a root backdoor and remote unauthenticated access to intercepted voice recordings. Hackers could also break into the voice recording server and move laterally to launch further attacks against internal voice virtual local area networks.

The security bods strongly recommended cops stop using the platform until the flaws were fixed and further testing was done.

NICE comms director Erik Snider said customers were notified of the flaws and downplayed the risk of attack.

"We have been addressing the issues based on priority, and can confirm that we have already resolved almost all of them, and expect the remaining fixes to be completed shortly," Snider said.

"We do not believe any of our customers have been impacted by the items raised in this report, as these systems are deployed in a very secure environment and are not accessible outside of the organisation."

He did not respond by the time of publication to El Reg's request to explain how the platform was not accessible outside organisations.

The backdoor was a hidden and hard coded administrator account within the platform's MySQL deployment and together with exposed voice recordings was the most severe of the published vulnerabilities.

"For example, unauthenticated attackers are able to gain access to exported lists of user accounts that are being monitored/recorded. Attackers gain access to detailed information such as personal data like first/last name, email address and username/extension," researchers Johannes Greil and Stefan Viehböck wrote in a disclosure.

Multiple cross site scripting and SQL injection flaws were also reported. The penetration testers said further critical vulnerabilities were assumed present. ®

Internet Security Threat Report 2014

More from The Register

next story
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
You stupid BRICK! PCs running Avast AV can't handle Windows fixes
Fix issued, fingers pointed, forums in flames
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
5 critical considerations for enterprise cloud backup
Key considerations when evaluating cloud backup solutions to ensure adequate protection security and availability of enterprise data.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.