Several major vulnerabilities discovered on Barco's ClickShare system, a popular wireless presentation tool
In late December 2019, computer security company F-Secure discovered major security flaws on a popular presentation platform.
These security vulnerabilities discovered by the company's experts could allow any hacker with the ability to not only intercept information emanating from the platform but also manipulate that information during a presentation, steal login information, such as passwords or usernames as well as other confidential personal information. , run and install malware and backdoors that will allow them to access the terminal later without users' knowledge.
This article will also interest you: The social network Tik-Tok hit with a vulnerability
Barco's ClickShare is a collaborative interface presentations of content that may have come from several devices. This tool is the market leader in wireless presentation. In fact, it alone holds 29% of the market according to a futuresource Consulting's "Global wireless" report 2019 solutions presentation."
According to a senior cybersecurity consultant particularly in the Hardware business at F-Secure, Dmitry Janushkevich, hackers tend to be more and more interested in this genre tools whose popularity is no longer in doubt. In addition, it notifies that hackers prefer more this kind of guy. It is on the basis of this logical that he and his team decided to conduct this investigation. "These devices are so intuitive and practical that no one is suspicious of them, but this apparent simplicity is misleading. Behind, there are inner workings extremely elaborate, complicating the security process," Dmitry Janushkevich. He adds: "Everyday objects users blindly trust, therefore, are the most important best targets for hackers. These presentation systems have been very successful in business. So it seemed good to us to interest. »
Following a field analysis, the F-Secure consultant realized that ClickShare devices are much more used in enterprise. The popularity of these devices made them real targets for potential hackers. In light of this fact, an investigation has been launched conducted in a thorough manner over several months to fully analyse the devices used. That's when this, of course, uncovered several security flaws.
Of the security vulnerabilities discovered, 10 of them were identified as " Common Vulnerabilities and Exposures. short for CVE. In short, security vulnerabilities allow certain actions such as:
– Intercept transmissions and various shared information.
– Installing and running Backdoors or others malware on users' devices.
– The theft of information and passwords.
however so that hackers can exploit these security breaches, it is necessary for them to have physical access to devices. However, if the devices use the utilities by default, it would then be possible to make a manoeuvre distance.
"The primary objective of our testing was to install a backdoor to compromise these devices and steal the content of the presentations. Opening the perimeter was difficult, but once access was obtained, we identified multiple security problems. It was also easy to exploit these flaws once we knew more about the system," notes expert Dmitry Janushkevich. "For a hacker, this is a convenient and quick way to attack a business, and organizations need to learn about the associated risks. ».
Now access an unlimited number of passwords: