Digital signs left wide open with default password

#SecureAV #digitalsignage

Infosec News Ireland

Security researcher Drew Green has pried open an internet-connected digital signage system thanks to a default admin web interface password: an easily changeable password that allowed him into the web interface, from where he stumbled onto a chain of vulnerabilities that could allow a malicious attacker to upload whatever unsavories they?d like to display on people?s signage screens.

On Friday, 90 days after Green says he disclosed the vulnerabilities to the digital signage system maker, he published the specifics.

He had pulled apart the signage system for a client during a full-scope penetration test, and this system happened to be on the network. He couldn?t find anything else to dig into, so Green sunk his hooks into the signage system, named Carousel, which comes from Tightrope Media Systems (TRMS) and which his client was running on a TRMS-supplied device that Green says is ?essentially an x86 Windows 10 PC.?

View original post 853 more words

Advertisements

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s