Critical vulnerabilities in Telestar IoT radio devices could enable attackers to remotely capture systems

Hackers can also transmit audio as commands and force a play stream using the security bugs

Security researchers have uncovered critical vulnerabilities in Internet of Things (IoT) radio devices manufactured by Telestar Digital GmbH, which could allow hackers to hijack systems.

The vulnerabilities were discovered by the researcher from security firm Vulnerability-Lab and were disclosed on Monday under coordinated public disclosure.

Benjamin Kunz, a researcher at Vulnerability-Lab, revealed that a few months back, his team members were investigating an anomaly in a private network when they noticed an undocumented telnetd service linked with the web radio terminals of Telestar Digital.

A closer look into it revealed that the Telnet service was on Port 23, and could be addressed externally as port forwarding was activated for all ports on the network.

The radio devices in question were from Telestar's Imperial & Dabman Series I and D product line. These devices include DAB stereos and portable radios, which are sold in several European countries by resellers through eBay, Amazon. They are based on BusyBox Linux Debian and have Bluetooth, WiFi, Web GUI and httpd web server on board.

According to Kunz, weak password security in the system enabled them to crack the Telnet service password and get root access with full privileges, within 10 minutes of testing using a brute force technique. They were also able to edit every file and folder available in case of that radio device and "to fully compromise" it.

The vulnerabilities could enable threat groups to change device names, to save audio files as messages, to transmit audio as commands and to force a play stream, according to Kunz.

"In the worst case a remote attacker could modify the system to spread remotely ransomware or other malformed malicious viruses / rootkits / destructive scripts. He can also use the web-server to be part of an IoT botnet," the researcher said.

Over one million IoT radio devices are at risk due to these security flaws, Kunz said on Facebook.

Telestar Digital GmbH was notified by Vulnerability-Lab about their findings on 1 June, and by 30 August, the company was ready with a patch to fix the issue.

Since that time, the vendor has revised the lax password use in its system and also updated the telnetd service.

Users can implement automatic updates via WiFi. To do that, they will first need to set their devices back to factory settings and then accept the download of the latest firmware version.

According to Telestar Digital, there has been no report, so far, of vulnerabilities being exploited in the wild by any threat group.