Akuvox smart intercom contains critical flaws for spying

March 20, 2023
Akuvox Smart Intercom Critical Flaws Vulnerability Exploit Spying

The Akuvox smart intercom has several new critical vulnerabilities that could let an attacker exploit and use it for malicious purposes. Researchers said the affected entity has yet to release a patch for the issue.

The cooperation of three concerned cybersecurity entities allegedly obtained the characteristics of the flaw. Moreover, these researchers claimed that they have already tried to report their discoveries to the vendor since last year. Unfortunately, the security flaws remained on the system until today.

 

The new product of Akuvox smart intercom might have caused the emergence of these vulnerabilities.

 

According to investigations, the E11 product of Akuvox smart intercom contained several vulnerabilities that could let an attacker spy on a user. The E11 developers endorsed the product as a video door phone for homes, villas, warehouses, and offices.

In addition, the new product includes live video streaming, motion, detection, and access control capabilities. Unfortunately, the product has reached numerous users worldwide.

The researchers claimed approximately 13 flaws related to poor encryption, usage of hardcoded cryptographic keys, insecure password recovery features, and misconfigured access control and authentication. Sensitive data exposure, missing authorisation, and obscured hackers could abuse the functionality for malicious purposes.

Experts classified most of these flaws as critical and severe since attackers could obtain abilities like RCE, allowing them to conduct spying operations against the target.

Furthermore, a hacker could abuse the critical vulnerabilities to target an Akuvox smart intercom device; hence they could establish persistence on a targeted network and add malicious attacks if needed.

The worst thing about these flaws is that hackers could exploit them without authentication. Cyberattacks could start directly from the internet if the targeted device is connected to the web.

Akuvox smart intercom E11 users should ensure that their devices are not linked to the internet since it is better to isolate them to avoid infection from hackers.

Experts suggest that changing the default password from the web interface could also help the E11 users thwart such threats posed by these newly discovered vulnerabilities.

About the author

Leave a Reply