Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

IoT Security

Many Vulnerabilities Found in Barco Wireless Presentation Systems

Researchers working for F-Secure have identified a dozen vulnerabilities in popular Barco ClickShare wireless presentation systems. While the vendor has patched the most serious vulnerabilities, the remaining issues are not easy to fix.

Researchers working for F-Secure have identified a dozen vulnerabilities in popular Barco ClickShare wireless presentation systems. While the vendor has patched the most serious vulnerabilities, the remaining issues are not easy to fix.

According to F-Secure, its experts analyzed the ClickShare devices after noticing how popular they were during their red team assessments. Their analysis was carried out over a period of several months and resulted in the discovery of vulnerabilities that can be exploited to intercept and manipulate presentations, steal passwords and other sensitive information, and install malware.

Some of the vulnerabilities require physical access to a device for exploitation, but others can be exploited remotely if the product’s default configuration has not been changed, F-Secure said.Barco ClickShare vulnerabilities

The vulnerabilities have been found in the ClickShare base unit, the client software, and the ClickShare button, which is the USB device used to start sharing content on available AV equipment.

According to Barco, ClickShare products are used by over 40 percent of Global Fortune 1000 companies. The device models confirmed to be vulnerable by F-Secure, the CS-100 and CSE-200, cost $1,000 and $1,750, respectively.

The vulnerabilities are related to the failure to disable a JTAG debugging interface, which could be abused by malicious actors; the use of shared encryption keys, which allows an attacker to create malicious software images; OS command injection flaws; the use of testing credentials that can be leveraged to issue commands and launch man-in-the-middle (MitM) attacks; flaws allowing malware to be planted on a device using a specially crafted USB drive; and the presence of weak, hardcoded credentials that give an attacker admin privileges on a device.

Researchers also discovered that Syslog data is transmitted over the Wi-Fi connection in clear text; that an attacker can plant arbitrary code that will get side-loaded into the ClickShare client process at start; that media streams are insufficiently protected; and that an attacker can manipulate file system content and make changes that would allow them to remotely log in to the device.

Barco has patched five of the most serious vulnerabilities, including ones related to hardcoded credentials, certificate chain verification, the presence of testing credentials, file manipulation, and command injection. However, several of the flaws can only be fixed through physical maintenance and F-Secure believes they are unlikely to get patched.

“Our tests’ primary objectives were to backdoor the system so we could compromise presenters, and steal information as it’s presented. Although cracking the perimeter was tough, we were able to find multiple issues after we gained access, and exploiting them was easy once we know more about the system,” explained F-Secure Consulting’s Dmitry Janushkevich. “For an attacker, this is a fast, practical way to compromise a company, and organizations need to inform themselves about the associated risks.”

Earlier this year, Tenable disclosed a total of 15 vulnerabilities found across eight wireless presentation systems, including ones made by Barco. Barco at the time was named as one of the few notified vendors that had released patches.

Related: New Mirai Variant Targets Enterprise IoT Devices

Related: Vulnerability Allows Hackers to Unlock Smart Home Door Locks

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Vulnerabilities

Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.

Email Security

Microsoft is urging customers to install the latest Exchange Server updates and harden their environments to prevent malicious attacks.

Vulnerabilities

Google has awarded more than $25,000 to the researchers who reported the vulnerabilities patched with the release of the latest Chrome update.