Skip to main content
  1. Home
  2. Computing
  3. News

Backdoors found in AMX audio-visual equipment sold to government

By

government av equipment back doors amx harman solutions
Harman, owner of AMX, displays government-specific hardware solutions at Hilton Hawaiian Village Waikiki Beach Resort. Image used with permission by copyright holder
AMX, a company that produces audio and visual (AV) control systems designed for conferencing, has been accused of installing a deliberate backdoor in a number of its products, that makes it possible to set up an admin account that can sniff the local network, without prior privileges. Although it denies it, AMX appeared to update software in an attempt to obfuscate the flaw in its security, rather than fix it.

The flaw was originally picked up by Austrian digital security firm, SEC Consult, last year when it discovered the the AMX NX-1200 had a routine in place called “setUpSubtleUserAccount.” When that function was enabled it could set up an admin-level account with a hard-coded password, that let it capture data packets from the network the device was connected to.

Recommended Videos

Even more damning is the fact that this created account was also deliberately hidden from the plain-text list of administrative accounts.

Although it is suggested that most AMX hardware would require network connectivity to be able to login to the device, Ars did find some that are connected to the internet and are publicly accessible. That means that, in theory, someone could enable this feature; login remotely and sniff traffic on the network, compromise other accounts, and steal user data; or just listen in to the conferences as they are ongoing.

More worrying still, is that this sort of hardware is sold to many sensitive organizations. According to AMX’s own website, it’s sold AV systems to government, military, educational and healthcare organisations, theoretically creating huge security loopholes in very sensitive environments.

There is also growing evidence that none of this was an accident or created by a wayward employee at AMX. SEC Consult initially contacted AMX about the issue back in March 2015. No response was received for a full seven months, at which time an update was released which AMX claimed had fixed the security problem.

Further investigation revealed however, that although the original subtle admin account was gone, a new backdoor appeared with an almost identical function. When SEC Consult pointed this out to AMX and again received no response, it went public with its concerns.

A public statement has since been released by the AV equipment firm, stating that neither backdoor had anything to do with one another and were not intended for hacking purposes. Instead they were said to be useful diagnostics tools for maintenance, which it says are not accessible from exterior sources. It did however still decide to end support for the original backdoor in its update, so clearly it does see some potential for security issues.

Another update was recently released, however, which may well have shored up all of the backdoors. Or perhaps it will have just hidden them in a more difficult-to-spot manner.

Topics
Jon Martindale
Jon Martindale
Computing Coordinator
Jon Martindale is the Evergreen Coordinator for Computing, overseeing a team of writers addressing all the latest how to…
Power up your tech game this summer with Dell’s top deals: Upgrade for a bargain
Dell Techfest and best tech on sale featured.

One of the best times to upgrade your tech stack, be it your desktop, a new laptop, or some high-resolution monitors, is when great deals are to be had. Well, I'm here to share that thanks to Dell's top deals, you can power up your tech game and have most of the summer to make it happen. Maybe you're happy with your current system or setup. That's excellent, but you're likely considering upgrading somewhere, and that's precisely what these deals are all about. Dell has a smorgasbord of deals on laptops, desktops, gaming desktops, monitors, accessories, and so much more. We'll call out a few of our favorite deals below, but for now, know that you should be shopping this sale if you're interested in anything tech-related.

 
What summer tech should you buy in Dell's top deals?

Read more
I love the MacBook Pro, but this Windows laptop came surprisingly close
Apple MacBook Pro 16 downward view showing keyboard and speaker.

There are some great machines in the 15-inch laptop category, which has recently been stretched to include the more common 16-inch laptop. The best among them is the Apple MacBook Pro 16, which offers fast performance for tasks like video editing and the longest battery life.

The Lenovo Yoga Pro 9i 16 is aimed not only at other 16-inch Windows laptops but also at the MacBook Pro 16. It offers many of the same benefits but at a lower price. Can it take a place at the top?
Specs and configurations

Read more
How to set an ‘Out of Office’ message in Microsoft Teams
Person using Windows 11 laptop on their lap by the window.

Many people use Microsoft Teams regularly to communicate with colleagues both inside of the office and remotely. It is considered one of the most efficient ways to ensure you can stay in contact with the people on your team, but what if you need to let people know you’re not readily available? Microsoft Teams has a method for you to set up an "Out of Office" status for your profile to let staff members know when you’ll be gone for the afternoon, for several days on vacation, or for an extended period.
Where do I go to set up my ‘Out of Office’ status for Teams?
It is important to note that your Microsoft Teams and Outlook calendars are synced. This includes your out-of-office status and automatic replies. So, whatever you set up in Microsoft Teams will reflect in Outlook. Similarly, you can set up your out-of-office status in Outlook, and it will be reflected in Teams; however, the former has a more straightforward instruction.

First, you can click on your profile icon in Teams and go directly to Schedule an out of office, as a shortcut. This will take you to the settings area where you can proceed. You can also click the three-dot icon next to your profile icon, then go to Settings > General, then scroll down to the bottom of the page. There, you'll find out-of-office settings and click Schedule.

Read more