Conference room hardware hack symptomatic of more general malaise, warn security researchers

The increased sophistication of voice-enabled smart speakers, combined with the rise of online meeting technologies such as Zoom has created an increasing and often overlooked IoT security risk.

Security researchers at Grimm hacked a Stem Audio Table conference room speaker to illustrate the more general point that the latest cameras and microphones contain built-in processors, leaving them more open to compromise as a result.

“What seem like ordinary commodity devices are, in fact, reasonably capable computing machines with attack surfaces very similar to traditional PCs,” according to the researchers.

Catch up with the latest IoT security news

After examining the Stem Audio Table speakerphone, the researchers said they were able to carry out a remote code execution attack that created the means to eavesdrop on conversations or other exploits within the vicinity of a compromised device.

The RCE vulnerability arises because of a stack-based buffer overflow (memory handling) flaw, they said.

Researchers also found a command injection vulnerability on the device. The flaw is the result from shortcomings in the sanitization of user-supplied inputs.

All of the vulnerabilities were fixed in a security patch released by Stem Audio in June.

Conference control

A lack of control interface authentication and shortcomings in encryption were also discovered during testing of the Stem Audio Table, as illustrated in a technical blog post.

The issues identified were reported to Shure, which owns the Stem brand. The researchers were told that updates resolve the reported issues.

Grimm, the team of researchers who carried out the study, argued that the flaws uncovered were typical of those found in IoT devices.

“While Grimm’s research efforts targeted this particular device, the vulnerabilities and design flaws identified by Grimm follow similar patterns to vulnerabilities discovered in other networked Video Teleconferencing devices throughout the small commodity hardware industry,” the researchers said.

“As such, similar issues are undoubtedly present in related devices such as VoIP phones, network-connected cameras, and many ‘smart’ devices that are part of the Internet of Things (IoT) space.”

RECOMMENDED Dual vulnerability combo in popular CMS Joomla could lead to ‘full system compromise’

The Daily Swig approached Grimm to share any red flags that can preemptively help to indicate security shortcomings in IoT devices.

In response, a Grimm spokesperson explained: “Determining which tech is actually safe is usually a labor-intensive task by senior researchers, but there are some things that tend to be correlated with more secure products [such as] automatic updates, a way researchers could report issues to the company, security bulletins, [and] firmware availability.”

Organizations can protect themselves by following simple mitigations such as unplugging devices when not in use and connecting devices via USB instead of to the network, Grimm advises.

RELATED Bluetooth pairing, pwned: Security researchers discover fresh wave of flaws in wireless tech