
Akuvox
The Akuvox E11 is billed as a video door phone, but it is actually much more than that. The network-connected device opens building doors, provides live video and microphone feeds, takes a picture and uploads it each time someone walks by, and logs each entry and exit in real time. The Censys device search engine shows that roughly 5,000 such devices are exposed to the Internet, but there are likely many more that Censys can't see for various reasons.
It turns out that this all-powerful, all-knowing device is riddled with holes that provide multiple avenues for putting sensitive data and powerful capabilities into the hands of threat actors who take the time to analyze its inner workings. That is precisely what researchers from security firm Claroty did. The findings are serious enough that anyone who uses one of these devices in a home or building should pause reading this article, disconnect their E11 from the Internet, and assess where to go from there.
The 13 vulnerabilities found by Claroty include missing authentication for critical functions, missing or improper authorization, hard-coded keys that are encrypted using easily accessible keys rather than cryptographically hashed keys, and the exposure of sensitive information to unauthorized users. As bad as the vulnerabilities are, their threat is made worse by the failure of Akuvox, a leading China-based supplier of smart intercom and door entry systems, to respond to multiple messages from Claroty, the CERT Coordination Center, and the Cybersecurity and Infrastructure Security Agency over a span of six weeks. Claroty and CISA published their findings publicly on Thursday.
All but one of the vulnerabilities remain unfixed. Akuvox representatives did not respond to two emails seeking comment for this article.
WTF is this device doing in my office?
Claroty researchers first stumbled on the E11 when they moved into an office that had one preinstalled at the door. Given its access to the comings and goings of employees and visitors and its ability to monitor and open doors in real time, they decided to look under the hood. The first red flag the researchers found: images taken each time motion was detected at the door were sent by unencrypted FTP to an Akuvox server, into a directory that anyone could view and, from there, download images sent by other customers.
“We were very surprised when we started and we saw the FTP,” Amir Preminger, VP of research at Claroty’s Team82, said in an interview. “We never imagined finding FTP in the clear. We blocked the device first, cut it off from everything, put it on its own island, and used it as a standalone. We're in the process of replacing it.”
As the analysis continued, the behavior of the FTP server changed. The directory listing can no longer be viewed, so presumably the files can no longer be downloaded, either. A significant threat continues to exist, however, because the FTP uploads are not encrypted. That means anyone able to monitor the connection between an E11 and Akuvox can intercept the uploads.
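A defender can check for this exposure from their own network by looking for FTP control-channel commands that a sensor can read in the clear. The following is an added example, not code from Claroty or Akuvox; the log format, IP addresses, credentials and file names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sensor records: timestamp, client IP, server IP,
# direction (C = client to server, S = server to client), FTP control payload.
SAMPLE_LOG = """\
2023-03-09T10:00:01 10.0.5.20 203.0.113.10 C USER device01
2023-03-09T10:00:01 10.0.5.20 203.0.113.10 C PASS example-password
2023-03-09T10:00:02 10.0.5.20 203.0.113.10 C STOR motion_0001.jpg
2023-03-09T10:00:09 10.0.5.20 203.0.113.10 C STOR motion_0002.jpg
2023-03-09T10:05:00 10.0.5.31 198.51.100.7 C AUTH TLS
2023-03-09T10:05:00 10.0.5.31 198.51.100.7 S 234 Proceed with negotiation
2023-03-09T10:07:00 10.0.5.44 203.0.113.10 C AUTH TLS
2023-03-09T10:07:00 10.0.5.44 203.0.113.10 S 502 Command not implemented
2023-03-09T10:07:01 10.0.5.44 203.0.113.10 C USER device02
2023-03-09T10:07:01 10.0.5.44 203.0.113.10 C PASS example-password
2023-03-09T10:07:02 10.0.5.44 203.0.113.10 C STOR snap.jpg
"""

def find_cleartext_ftp_uploads(log_text):
    """Return {(client, server): finding} for sessions with readable uploads."""
    sessions = defaultdict(lambda: {"files": [], "creds_exposed": False,
                                    "tls_refused": False, "auth_pending": False})
    for line in log_text.splitlines():
        parts = line.split(None, 4)
        if len(parts) < 5:
            continue  # skip blank or truncated records
        _ts, client, server, direction, payload = parts
        state = sessions[(client, server)]
        verb, _, arg = payload.partition(" ")
        verb = verb.upper()
        if direction == "C":
            if verb == "AUTH":
                state["auth_pending"] = True      # client asked to upgrade to TLS
            elif verb in ("USER", "PASS"):
                state["creds_exposed"] = True     # login visible to any observer
            elif verb in ("STOR", "APPE"):
                state["files"].append(arg)        # upload command seen in the clear
        elif direction == "S" and state["auth_pending"]:
            state["auth_pending"] = False
            if not verb.startswith("2"):          # anything but 234 means no TLS
                state["tls_refused"] = True
    # After a successful AUTH TLS the sensor sees no further commands, so a
    # session with readable STOR/APPE lines sent its uploads unencrypted.
    return {key: {f: s[f] for f in ("files", "creds_exposed", "tls_refused")}
            for key, s in sessions.items() if s["files"]}
```

A session that appears in the result with `tls_refused` set attempted encryption and silently fell back to cleartext, which is worth alerting on separately.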
Another major finding by the researchers was a flaw in the interface that allows the owner to use a web browser to log in to the device, control it, and access live feeds. Although the interface requires credentials for access, Claroty found hidden routes that give access to some of the web functions without a password. The vulnerability, tracked as CVE-2023-0354, works against devices that are exposed to the Internet using a static IP address. Users do this to connect to the device remotely using a browser.
That is not the only vulnerability that allows unauthorized remote access to an E11. The device also works with a phone app called SmartPlus that is available for Android and iOS. It allows remote access even when an E11 is not directly exposed to the Internet but is instead behind a firewall using network address translation.
SmartPlus communicates with the intercom using the Session Initiation Protocol, an open standard used for real-time communications such as voice and video calls, instant messaging, and games.