The digital home is becoming a reality, with the development and integration of internet of things (IoT) devices into everyday life. Unfortunately, with the convenience of “smart” features comes the risk of security vulnerabilities. One such vulnerability has been discovered in Akuvox Smart Intercoms, which if left unpatched, allow attackers to perform various spying activities.
What is Akuvox Smart Intercom?
An Akuvox Smart Intercom is a device that allows access control in commercial and residential buildings. The convenience of this device is that it can be managed remotely, providing users with audio communication and access control, all from their smartphone.
What Are the Vulnerabilities?
Researchers from Tenable discovered two vulnerabilities in the Akuvox Smart Intercom system. The more serious of the two is CVE-2020-17477, which is a severe command injection flaw that could be exploited to run arbitrary code with root privileges.
The second vulnerability, CVE-2020-17478, is an authentication bypass bug that could allow attackers to gain remote access to the intercom without requiring any credentials. This could allow attackers to take control of the intercom system, collect audio recordings, and even enable a camera, granting them the ability to spy on the surroundings.
What Are the Risks?
The risks associated with these vulnerabilities are what make them so concerning. Attackers with access to an Akuvox Smart Intercom would essentially have unrestricted access to private buildings, as well as the ability to spy on the inhabitants of said buildings. This could lead to serious consequences for both private individuals and commercial entities.
How to Protect Yourself
The first step to protecting yourself and your organization from these vulnerabilities is to upgrade to the latest version of the Akuvox Smart Intercom software. This should patch the identified vulnerabilities and protect the users from any potential malicious activities.
In addition, other security practices can help protect your organization from potential threats. For example, disabling unnecessary features, restricting access to admin accounts, and regularly changing passwords can all help reduce the risk of a security breach.
Call to Action
It’s essential to be aware of the risks that come with digital home devices and take steps to protect yourself. If you found this article informative, please share it with your friends and family so they can stay informed as well.