Tuesday, January 26, 2016

Security Director Alert: Check your board and conference rooms for equipment made by AMX

Lots of companies -- and even the White House -- use a conference calling system that could possibly be tapped by hackers, according to new research.

On Thursday, cybersecurity experts at SEC Consult revealed a secret doorway that's built into a popular conference calling product built by a company called AMX.

AMX makes tablet panels used to control conference calls for businesses, government agencies and universities.

The company hard-coded backdoor access into its system. AMX created a "secret account" with a permanent username and password, which means a hacker who already sneaked into a computer network could tap into actual meetings, if the hacker knew the backdoor access code.

It's a glaring security hole. more

Murray Associates Recommendation
A firmware update is available for products and systems incorporating the NetLinx NX Control platform:

NX Series Controllers
NX-4200 FG2106-04
NX-3200 FG2106-03
NX-2200 FG2106-02
NX-1200 FG2106-01
Massio® ControlPads
MCP-106 FG2102-06X-X
MCP-108 FG2102-08-X
Enova® DVX All-in-One Presentation Switchers
DVX-3256HD FG1906-22/24
DVX-3255HD FG1906-16/18
DVX-3250HD FG1906-15/17
DVX-2250HD FG1906-11/13
DVX-2255HD FG1906-12/14
DVX-2210HD FG1906-07/09

Firmware downloads require a current login and password for the AMX Account Center to access the protected Technical Documentation and Support Materials sections of the AMX by HARMAN website. Technical Support Staff within End User organizations should contact their authorized AMX Dealer or HARMAN Professional representative for assistance.