June 14, 2021

TheHSecurity: Back door in HP network storage solution

HP’s P2000 G3 MSA Storage Area Network (SAN) product contains an hidden and undocumented account with more privileges than the normal customisable account (manage:!manage). Apparently included for support purposes, the account (admin:!admin) is not visible in the user manager and can’t be deleted or modified. It allows unauthorised users to access these systems and the data stored there.

Read the full story here.


Hacker Creates Modified Symbian S60 Firmware with Hidden Back Door

Professional security researcher, hacker and MalCon speaker Atul Alex has analyzed the firmware for the Symbian S60 smartphone (which also runs on the Nokia 5800, Nokia X6, Nokia 5530XM, Sony Ericsson Satio and Sony Ericsson Vivaz) and created a modified firmware with a back door which allows a 3rd party to record telephone calls and download emails, telephone lists and text messages from the phone’s memory.

To use the back door, the new firmware must be downloaded on to the target phone in a manoeuvre reminiscent of the best Hollywood spy films. The compromised firmware, which is created by modifying version 5 of the original software, allows all of the smartphone’s functions to be remotely controlled, including the camera.

Once installed, the hack contacts the attacker via a wireless connection and transmits the device’s current IP address. The attacker can then connect to the phone remotely and any stolen data can be transmitted via 3G or WLAN to the attacker’s file server.

The H are reporting that the back door uses a technique to hide the extra process from the system’s TaskManager. The only way to remove the back door is to overwrite the firmware with Symbian’s original software.

Back door exploit for Android phones

A security expert working at Alert Logic has published a demonstration back door exploit for smartphones running Android. Criminals could use the principles of this exploit to gain control of a phone and install trojans. A potential victim need only call a malicious web site for infection to occur.

Read the full story here.