Various flaws have been found in internet modules from Paradox Security Systems, and researchers claim that cybercriminals can use these vulnerabilities to turn off security systems and gain a foothold inside the network.
Researchers at a cybersecurity company called Critical Security found that the problem lies with the Paradox Security Systems IP150 and IP150+ internet modules. The vulnerable modules are used together with security alarm panels to monitor security alarms over the internet. According to Critical Security’s statement, the company identified over 30,000 public-facing modules using the Shodan search engine.
Threat actors would be able to use these vulnerabilities to disarm physical security and gain access to the network connected to the IP150 or IP150+ modules. The company claims that it reverse-engineered a proprietary protocol used by Paradox internet modules. According to the company, the protocol relies on a form of “security through obscurity”, and its authentication layers use “paradox” as the password, which cannot be changed in the latest versions of the firmware.
Critical Security also stated that it used the hardcoded password for remote exploitation, which allowed it to overwrite the firmware of an IP module over the internet and have the module act as a backdoor to the network it is connected to.
Miroslav Lucinskij, the general manager of Critical Security, said in the press release that since alarm systems are usually installed and managed by security providers, homeowners and organizations may not even realize that a vulnerable device is present on their network. The company also claimed that it made the information public after its attempts to contact Paradox went unanswered.
The researchers who made the discovery recommend that users put the IP150 and IP150+ devices behind a firewall and allow connections to the device from whitelisted IPs only. Better still would be to place the vulnerable device in an isolated network or disconnect it altogether. A technical blog post also discusses the communication protocol design flaws in detail.
Lucinskij hopes that this effort will help increase awareness of overall security and that manufacturers will make more effort to secure their products, because design flaws allow malicious actors to disable the alarms, which is in itself a huge threat.
Recently released research by the CyberNews team states that once a device has been connected to the internet, it needs more attention to guarantee its security. In April, more than 380,000 cameras from the 30 most popular brands were found to be remotely accessible, and 27 of those brands were selling products with default credentials.
All of these are CCTV/IP cameras, used for CCTV surveillance, as smart doorbells or baby cameras, or commercially. Research published last week also identified 38,000 VoIP devices worldwide with potential vulnerabilities.
Therefore, businesses must keep the software and firmware of the devices they connect to the internet up to date and well protected to avoid security threats.