Skip to main content
Red团队 Quoted In CNN Article On AMX Backdoor

今天, Red团队 Security was asked to provide commentary on a CNN Money breaking news story regarding the discovery of a hidden backdoor within a popular conference calling product built by AMX. AMX manufactures conference calling equipment used by many organizations world wide, including the US Government.

The recently uncovered re搜索 shows the company hard-coded backdoor access into its system. AMX created a "secret account" with a permanent username and password, which means a hacker who already sneaked into a computer network could tap into actual meetings, if the hacker knew the backdoor access code.

What's More: Analysis of the hard-coded account credentials proved to be merely obfuscated with Base64 encoding — an extremely primitive method for obfuscating information, let alone sensitive data like passwords. Anyone with a computer and a free copy of 奥丽Dbg has the necessary tools to discover and decode the hard-coded username and password for these systems.

Credits: CNNMoney (New York)
Photo credits: Getty/CNNMoney

Get a FREE security evaluation today and reduce your organization's security risk.
Schedule My Call Schedule My Call

Get a Customized Proposal

Use our Scoping Questionnaire to provide us with the necessary information to put together a proposal for you. Please be as thorough as possible with your responses, as it helps us ensure an accurate and complete proposal.
If you're interested in application penetration testing, you may find this article helpful when formulating your responses: Understanding Application Complexity For Penetration Testing.

If you have any questions, contact us at (952) 836-2770 or schedule a meeting. We will follow up promptly once we receive your responses. We look forward to speaking with you soon.

Having trouble viewing the Scoping Questionnaire? Check to see if an ad-blocker is keeping the page from loading properly.

Dedicated Client Portal

Interact in real-time with your Red团队 security professionals on our user-friendly client portal and see firsthand as the team closes in on your company data.

Certified Security Experts

Our trusted security professionals hold certifications from the leading industry organizations, 包括OSCP, 卡斯商学院, CPT, CISSP,更.

研究-Focused Approach

We hold industry-leading certifications and dedicate part of every day to re搜索 the latest exploit techniques to ensure our clients remain protected from evolving online attacks.

Free Remediation Testing

Once your team addresses remediation recommendations, Red团队 will schedule your retest at no additional charge.
友情链接: 1 2 3 4 5 6 7 8 9 10