Security in the Internet of Things of Things.

DTEN is a reasonably successful and popular brand of Smartboard and Smart TV for business settings. With that in mind, we read this from Wired.com:

Touchscreen smart TVs from DTEN, a “certified hardware provider” for popular video conferencing service Zoom, have flaws that hackers could use to essentially bug conference rooms, lift video feeds, or nab notes written on the device’s digital whiteboard.

Security firm Forescout discovered the vulnerabilities in July when its researchers turned their bug hunting skills on the video conferencing units sitting in their own office meeting rooms.

One issue that jumped out at the researchers: The DTEN system stored notes and annotations written through the whiteboard feature in an Amazon Web Services bucket that was exposed on the open internet. This means that customers could have accessed PDFs of each others’ slides, screenshots, and notes just by changing the numbers in the URL they used to view their own. Or anyone could have remotely nabbed the entire trove of customers’ data. Additionally, DTEN hadn’t set up HTTPS web encryption on the customer web server to protect connections from prying eyes.

The researchers also discovered two ways that an attacker on the same network as DTEN devices could manipulate the video conferencing units to monitor all video and audio feeds and, in one case, to take full control. DTEN hardware runs Android primarily, but uses Microsoft Windows for Zoom. The researchers found that they can access a development tool known as “Android Debug Bridge,” either wirelessly or through USB ports or ethernet, to take over a unit. The other bug also relates to exposed Android factory settings. 

These weren’t just unforeseen bugs; they were poor design decisions and cut corners. The IoT is amazing because it allows us to bring control and digital feedback into everyday processes – but it also vastly increases the breadth of the exploitable surface area. Closer attention now has to be paid not just to the main technology units, but to the technologies in the gaps – the “Internet of Things of Things”, if I may coin the term.

This is the biggest problem currently facing the IoT – lots of fancy engineering with very little attention paid to security. It’s like moving into a mansion with a fully equipped kitchen, movie theater, gym, and bowling alley – only to discover that none of the doors lock. The interconnecting components and technologies which facilitate the Internet of Things are just as vulnerable, if not more so, than the Things themselves.


