Researcher Jose Bertin has identified critical security vulnerabilities in a building controller made by Russian firm Tekon Avtomatika (Tekon.ru).
Jose Bertin, an IT security researcher, has identified critical vulnerabilities in Tekon Avtomatika’s building controllers, which, if exploited, can lead to remote hacking of building controllers used by a vast number of Russian organizations.
For your information, Tekon manufactures equipment and software for building systems such as elevators. It mainly produces SCADA devices, including hubs, controllers, and Modbus devices, and holds a significant share of the Russian market.
Over 100 Devices Vulnerable to Hacking
Bertin claims to have discovered 100+ internet-connected devices made by Tekon that are vulnerable to hacking. A Shodan search also turned up more than 100 Tekon controllers, which the company calls engineering equipment controllers, at risk. According to Shodan’s results, around 117 vulnerable devices were located in Russia and 3 in Ukraine, as noted by Eduard Kovacs of SecurityWeek.
What is the Issue
According to the researcher, all of the vulnerable devices use default credentials. Default credentials leave internet-exposed IoT devices open to remote attack because anyone who knows them can log in to the Tekon controller’s user interface with admin privileges.
Bertin noted, however, that not every user can connect to the devices and make changes; only admin users can exploit them. He further stated that he had found a way to execute code with root privileges.
To achieve this, he abused the add-plugin feature. Plugins are Lua scripts added in a specific section of the user interface: a user can upload a plugin file and execute it by clicking the Save/Load button.
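The chain described above (a shipped default password granting admin access, then an uploaded Lua plugin run as root) points to the controls a controller's plugin feature should enforce before a script is accepted or executed. The following is an added example written for this article; it is not code from Tekon or from the researcher, and the default-credential list, the signing key, the unprivileged account name and the sample plugin are all assumptions:

```python
"""Hardened plugin-upload gate (added illustration, not Tekon's code).

Models the two weaknesses the article describes: factory-default admin
credentials and uploaded Lua plugins executed as root. A controller that
applies these checks refuses the plugin feature to accounts still on a
shipped password, accepts only plugins carrying a valid signature, and
never launches a plugin with uid 0.
"""
import hashlib
import hmac
import subprocess

# Hypothetical factory defaults that must be rotated before the plugin
# feature is usable; a real product takes this list from the vendor.
FACTORY_DEFAULTS = {("admin", "admin"), ("admin", "1234")}

# Hypothetical provisioning key used to sign approved plugins. HMAC-SHA256
# is used only to keep the example self-contained; a real deployment would
# use an asymmetric signature so the controller holds no signing secret.
PLUGIN_SIGNING_KEY = b"constructed-example-signing-key"

# Unprivileged account (hypothetical) that plugins are run under.
PLUGIN_RUN_USER = "plugin"


def uses_factory_default(username: str, password: str) -> bool:
    """True if the account still carries a known shipped credential."""
    return (username, password) in FACTORY_DEFAULTS


def sign_plugin(lua_source: bytes) -> str:
    """Signature the integrator attaches to an approved plugin."""
    return hmac.new(PLUGIN_SIGNING_KEY, lua_source, hashlib.sha256).hexdigest()


def plugin_signature_valid(lua_source: bytes, presented_sig) -> bool:
    """Constant-time comparison; a missing signature never validates."""
    if not isinstance(presented_sig, str) or not presented_sig:
        return False
    return hmac.compare_digest(sign_plugin(lua_source), presented_sig)


def gate_plugin_upload(username, password, lua_source, presented_sig, run_as_uid):
    """Decide whether an uploaded plugin may be stored and executed.

    Returns (allowed, reason). The checks are ordered so that an account on
    a default password is refused before any plugin content is considered.
    """
    if uses_factory_default(username, password):
        return False, "account still uses a factory-default password"
    if not plugin_signature_valid(lua_source, presented_sig):
        return False, "plugin signature missing or invalid"
    if run_as_uid == 0:
        return False, "refusing to run plugin as root"
    return True, "accepted"


def run_plugin(plugin_path: str) -> int:
    """Execute an accepted plugin under the unprivileged account.

    subprocess.run(user=...) (Python 3.9+) switches to PLUGIN_RUN_USER before
    exec, so the Lua interpreter never inherits the controller's root
    privileges. Requires that the caller itself has the right to setuid.
    """
    result = subprocess.run(["lua", plugin_path], user=PLUGIN_RUN_USER, check=False)
    return result.returncode


if __name__ == "__main__":
    # Constructed sample plugin and constructed credentials for the demo.
    sample_plugin = b'print("hello from plugin")\n'
    good_sig = sign_plugin(sample_plugin)
    for creds, sig, uid in [
        (("admin", "admin"), good_sig, 1000),       # default password
        (("admin", "S3cret!pass"), "0" * 64, 1000),  # bad signature
        (("admin", "S3cret!pass"), good_sig, 0),    # would run as root
        (("admin", "S3cret!pass"), good_sig, 1000),  # all checks pass
    ]:
        print(creds[0], gate_plugin_upload(*creds, sample_plugin, sig, uid))
```

Only the last case in the demo is accepted; each of the other three is rejected by a different check, which is the point of layering them rather than relying on the login alone. `run_plugin` is shown but not invoked by the demo because it needs a Lua interpreter and setuid rights on the host.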
Bertin confirmed creating a proof-of-concept script that obtains root privileges and complete control of the targeted device, which would let him cause considerable damage.
“I got RCE and privilege escalation from an admin user to root. Now we can do whatever — more critically those devices can be shut down at once, creating an impact in Russian SCADA systems, remotely.”
An attacker, Bertin explained, can perform “dangerous actions” such as shutting down the device or implanting a backdoor. With 100 vulnerable devices deployed in building elevators and SCADA environments, the consequences would be drastic.
Hackers, especially Anonymous hacktivists, have sided with Ukraine in the ongoing conflict with Russia, and the group has since targeted the critical infrastructure of the Russian government as well as financial and private organizations. Bertin’s public report, which highlights how these vulnerabilities can be exploited, puts Russian targets at even higher risk.