The STEM Audio Table conference-room speaker has a security vulnerability that would allow unauthenticated remote code execution (RCE) as root – paving the way for eavesdropping on conversations, denial of service, lateral movement throughout enterprise networks and more. And, there are multiple additional security issues as well, according to GRIMM researchers, all of which would allow an attacker to interfere with the device.

The STEM Audio Table is a high-end, nine-speaker smart device, shaped like a large puck, that sits on a conference table to enable whole-room conferencing. It can also be used with other devices to, say, enable video calls. It sports a web-based control interface and connects via the internet to download firmware updates.

“Modern business often relies heavily on the Internet and software resources such as Zoom or Skype to support daily operations. Use of such systems often requires additional hardware resources like microphones and cameras,” researchers noted. “What were once mechanical or analog devices are now increasingly being redesigned with embedded processors. This change in direction implies that what seem like ordinary commodity devices are, in fact, reasonably capable computing machines with attack surfaces very similar to traditional PCs.”

RCE Security Bugs

GRIMM said that the RCE bug is a stack-based buffer overflow issue, located in the “local_server_get() and sip_config_get() in stem_firmware_linux_2.0.0.out” function. The…
STEM Audio Table Rife with Business-Threatening Bugs (posted by govanguard, 2021-06-10 14:58:00)