Vulnerability in Portrait Display service; millions of IoT devices affected

Bloatware can be a tricky subject to discuss, considering that it comes pre-installed on most IoT devices, but what if a vulnerability is found in one of these programs? Could it create havoc? Millions of users could be affected by even a tiny flaw in a piece of bloatware.

Well, this is exactly what happened a few days ago! A simple piece of bloatware that serves as a virtual on-screen display has been found to have severe flaws. The worst part: it was used in millions of PCs and laptops, including Fujitsu devices, HP devices and some Philips devices.

You might know this bloatware as HP Display Assistant, HP Display Control, HP My Display, HP Mobile Display Assistant, Fujitsu DisplayView Click, or Philips SmartControl. If you have ever used one of these, there's a good chance that you are among those affected.

According to Viennese security firm SEC Consult, hackers could exploit the bloatware to gain administrative access to affected devices by changing the service's binary path and thereby executing arbitrary code. Once a hacker has admin privileges, they can also use the exploit to download payloads and malware and do essentially anything they wish.

Relief: Luckily for us, the security researchers notified the bloatware maker, Portrait Displays Inc, about the vulnerability, and the security experts have already started patching it. In fact, the vendor has already published the patch on its official website.

You can download the patch here: http://www.portrait.com/securityupdate.html

Furthermore, you can also get rid of this critical flaw by using a method described by the security researchers at SEC Consult.

Here’s what you need to do:

1. Press the Windows key, type cmd.exe, then hold down the Shift and Ctrl keys and press Enter to launch an elevated command prompt.

2. Run the following command (a single line, with no spaces inside the D:(...) string):

sc sdset pdiservice D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)
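
To check the result, here is an added example (not from the original article or from SEC Consult): a small Python auditor for the SDDL string that `sc sdshow pdiservice` prints, flagging allow entries that give anyone other than SYSTEM and Administrators the right to reconfigure the service. The weak descriptor is constructed for illustration; the hardened one is the string from step 2.

```python
import re

# SDDL rights that let a holder reconfigure or take over a Windows service.
DANGEROUS = {
    "DC": "SERVICE_CHANGE_CONFIG",  # can rewrite the service binary path
    "WD": "WRITE_DAC",              # can rewrite this ACL
    "WO": "WRITE_OWNER",            # can take ownership
    "GA": "GENERIC_ALL",
    "GW": "GENERIC_WRITE",          # includes SERVICE_CHANGE_CONFIG
}
# The same rights as access-mask bits, for ACEs written as a hex mask.
DANGEROUS_BITS = {0x2: "DC", 0x40000: "WD", 0x80000: "WO",
                  0x10000000: "GA", 0x40000000: "GW"}
TRUSTED = {"SY", "BA"}  # LocalSystem and built-in Administrators

# Hardened descriptor set by the sc sdset command in step 2.
HARDENED = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
            "(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)")
# Constructed weak descriptor (illustration only): Authenticated Users get DC.
WEAK_SAMPLE = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)"
               "(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
               "(A;;CCDCLCSWRPWPDTLOCRRC;;;AU)")


def risky_aces(sddl):
    """Return (trustee, [rights]) for allow-ACEs giving non-admins control."""
    sddl = re.sub(r"\s+", "", sddl)  # tolerate wrapped or pasted output
    dacl = re.search(r"D:[A-Z]*((?:\([^()]*\))*)", sddl)  # skip O:, G:, S:
    findings = []
    for ace in re.findall(r"\(([^()]*)\)", dacl.group(1) if dacl else ""):
        fields = ace.split(";")
        if len(fields) < 6 or fields[0] != "A":  # access-allowed ACEs only
            continue
        rights, trustee = fields[2], fields[5]
        if trustee in TRUSTED:
            continue
        if rights.lower().startswith("0x"):
            mask = int(rights, 16)
            hits = [c for bit, c in DANGEROUS_BITS.items() if mask & bit]
        else:
            hits = [c for c in re.findall("..", rights) if c in DANGEROUS]
        if hits:
            findings.append((trustee, [DANGEROUS[c] for c in hits]))
    return findings


if __name__ == "__main__":
    for name, sd in (("hardened", HARDENED), ("weak sample", WEAK_SAMPLE)):
        print(name, "->", risky_aces(sd) or "no risky ACEs")
```

An empty result for the output of `sc sdshow pdiservice` means only SYSTEM and Administrators can change the service configuration or its ACL.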



Jahanzaib Hassan