The lack of proper security in IoT devices is a major concern in the cybersecurity world, and yet another insecure device has been identified that could allow an attacker to manipulate it.
This article will discuss an Infinias EIDC32 controller for a physical access control system that acts as the main control unit for a door, controlling the Wiegand reader and electronic lock on the door.
This particular device is a PoE device that communicates with a central server program that can be hosted on site or used with a cloud service. While many IoT devices have basic, obvious ways to access them, this article focuses on a method that works even if the default credentials have been changed.
The device allows for rebooting without requiring any credentials. A simple HTTP GET request to "http://<DEVICEIP>/<MODEL>/reboot" will initiate the reboot. This vulnerability can be exploited with a Python script to put the device into a reboot loop.
Aside from rebooting the device, an attacker can also retrieve information from it. By replacing "/reboot" with "/getoutbound", the attacker can obtain the server's IP address in the "primaryHostAddress" field and the port the device is using to communicate with the server.
An attacker can cause damage by disabling the access control system, potentially causing the door to unlock and allowing the attacker to gain entry, or by continuously rebooting the device, potentially causing damage to the unit. Moreover, the fact that the device responds to unauthenticated commands to retrieve information raises the possibility that other commands could be used to gather information or even take control of the device on the network.
To protect against such vulnerabilities, network administrators should take steps to limit access to the device and place it in a separate network from the main network. Manufacturers of IoT devices, especially those marketed for security, need to improve their quality to prevent unauthorized access to their devices.
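Alongside segmentation, requests to these two endpoints can be monitored. The following is an added example, not code from the original article or from the vendor: it flags "/reboot" and "/getoutbound" requests from outside an approved subnet, and repeated reboots of one controller. The log format, IP addresses, subnet, window and threshold are all assumptions, and "MODEL" stands in for the device's model path segment.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumption: only the access control server's subnet should reach the controller.
ALLOWED_SOURCES = ipaddress.ip_network("10.20.0.0/28")
# The two unauthenticated paths named in the article: /<MODEL>/reboot, /<MODEL>/getoutbound
ENDPOINT = re.compile(r"^/[^/]+/(reboot|getoutbound)/?$", re.IGNORECASE)
WINDOW = timedelta(minutes=10)   # assumed look-back window for repeated reboots
LOOP_THRESHOLD = 3               # assumed: this many reboots in WINDOW is a loop

# Constructed records: timestamp, source IP, controller IP, method, path.
# "MODEL" is a placeholder for the device's model path segment.
SAMPLE_LOG = """\
2024-05-01T09:00:00 10.20.0.5 10.30.0.10 GET /MODEL/getoutbound
2024-05-01T09:01:10 10.40.7.23 10.30.0.10 GET /MODEL/getoutbound
2024-05-01T09:02:00 10.40.7.23 10.30.0.10 GET /MODEL/reboot
2024-05-01T09:04:00 10.40.7.23 10.30.0.10 GET /MODEL/reboot
2024-05-01T09:06:00 10.40.7.23 10.30.0.10 GET /MODEL/reboot
2024-05-01T09:07:00 10.20.0.5 10.30.0.10 GET /index.html
"""


def detect(log_text, allowed=ALLOWED_SOURCES):
    """Return (timestamp, source, controller, reason) alerts for the log text."""
    alerts = []
    reboots = defaultdict(list)  # controller IP -> reboot times inside WINDOW
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip blank or malformed records
        stamp, src, dst, method, path = fields
        match = ENDPOINT.match(path.split("?", 1)[0])
        if method != "GET" or match is None:
            continue
        action = match.group(1).lower()
        when = datetime.fromisoformat(stamp)
        if ipaddress.ip_address(src) not in allowed:
            alerts.append((stamp, src, dst, f"{action} from unapproved source"))
        if action == "reboot":
            recent = [t for t in reboots[dst] if when - t <= WINDOW] + [when]
            reboots[dst] = recent
            if len(recent) == LOOP_THRESHOLD:  # alert once as the threshold is hit
                alerts.append((stamp, src, dst, "possible reboot loop"))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(*alert)
```

The records would come from whatever sits between the controller segment and the rest of the network, such as a firewall or network sensor that logs HTTP requests.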
This device is a clear example of the continued insecurity in IoT devices. It is essential that network administrators take proactive measures to protect their networks from potential threats, and manufacturers must work harder to develop more secure devices to prevent unauthorized access and protect their users.