Feeds

Spy platform zero day exposes cops' wiretapped calls

Laundry list of fail includes backdoor, remote unauth access to intercept box

Intelligent flash storage arrays

National security boosters have just taken a kick to the ego, with revelations that hackers can access exactly the kind of wiretap kit they believe should be deployed in every ISP and telco around the world.

The zero-day that's turned up in kit from New Jersey outfit NICE would give attackers access to wiretapped voice recordings along with names and email addresses for suspects monitored by police.

The flaws affect the NICE's Recording eXpress voice recording product, which targets police and law enforcement agencies.

Prolific fail flaunter, SEC Consult Vulnerability Lab, quietly disclosed nine flaws to NICE and went public after five holes remained unpatched nearly six months after being reported.

The flaws included a root backdoor and remote unauthenticated access to intercepted voice recordings. Hackers could also break into the voice recording server and move laterally to launch further attacks against internal voice virtual local area networks.

The security bods strongly recommended cops stop using the platform until the flaws were fixed and further testing was done.

NICE comms director Erik Snider said customers were notified of the flaws and downplayed the risk of attack.

"We have been addressing the issues based on priority, and can confirm that we have already resolved almost all of them, and expect the remaining fixes to be completed shortly," Snider said.

"We do not believe any of our customers have been impacted by the items raised in this report, as these systems are deployed in a very secure environment and are not accessible outside of the organisation."

He did not respond by the time of publication to El Reg's request to explain how the platform was not accessible outside organisations.

The backdoor was a hidden and hard coded administrator account within the platform's MySQL deployment and together with exposed voice recordings was the most severe of the published vulnerabilities.

"For example, unauthenticated attackers are able to gain access to exported lists of user accounts that are being monitored/recorded. Attackers gain access to detailed information such as personal data like first/last name, email address and username/extension," researchers Johannes Greil and Stefan Viehböck wrote in a disclosure.

Multiple cross site scripting and SQL injection flaws were also reported. The penetration testers said further critical vulnerabilities were assumed present. ®

Top 5 reasons to deploy VMware with Tegile

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.