Posted by Jeremy Hellstrom | Mar 9, 2023 | General Tech | 0
The Akuvox E11 sounds like an interesting door camera as it has the ability to opens doors, capture live video and audio, snap a picture of anyone walking by and creates a logs of entries and exits in real time. All that power in a small IoT device would be handy, assuming that it was also well secured to prevent unauthorized usage. Sadly, it is a security nightmare and the 13 flaws revealed in this article are bad enough you should probably go unplug it before reading on. Landline Vintage Phone
Several of the features do not require proper authentication and there are also hardcoded keys that are encrypted using accessible keys. The still pictures it captures are uploaded to an unencrypted FTP into a directory that anyone can view and download from. It was also discovered there were ways around authenticating when accessing via a web interface, from which you could control most of the features. As if that wasn’t bad enough, the phone app that talks to the Akuvox E11 can be leveraged in the same way.
Akuvox, the company which made this security nightmare has not responded to multiple attempts by Claroty and the CERT organizations to reach them, so if you have an Akuvox E11 or know someone that does, turn it off and don’t turn it back on again!
Call it K7M.com, AMDMB.com, or PC Perspective, Jeremy has been hanging out and then working with the gang here for years. Apart from the front page you might find him on the BOINC Forums or possibly the Fraggin' Frogs if he has the time.
Your email address will not be published. Required fields are marked *
Vintage Military Phone This site uses Akismet to reduce spam. Learn how your comment data is processed.