
AM Video

Company

AM Video's main line of business is the installation and maintenance of video surveillance systems, fire alarm systems, access control systems (such as intercom phones, turnstiles, barriers, wicket gates, electronic locks and intercom devices), and heating and air conditioning systems.


History

2021: A hole in the AM Video IT system allowed remote control of one in three barriers in Moscow

At the end of December 2021, a dangerous vulnerability was reported in the AM Video software for managing barriers. Bekhan Gendargenoevsky, co-founder of the cybersecurity company Postuf, told RBC about the problem.

We are talking about a third of all barriers installed in Moscow; there are more than 1,500 of them. The bulk, about 85%, of the barriers managed by the system are concentrated in Moscow. Another 10% are located in the Moscow region, and the rest are in other regions, explains Gendargenoevsky.

A vulnerability in the AM Video IT system allowed remote control of one in three barriers in Moscow

According to him, the vulnerability allowed users who logged in to the AM Video website with a test account to access any object in the company's system. To do this, it was enough to substitute the ID of a camera or barrier by simply picking a numerical identifier. In addition, the system exposed all user data: names, addresses, phone numbers, car makes. The vulnerability made it possible to block residential barriers, send notifications to the system's users, or use their personal data.
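The control missing in this description is a per-object authorization check. The sketch below is an added illustration, not AM Video's code: the account names, barrier ids, access list and function names are all hypothetical. It puts a handler that trusts whatever id the request carries next to one that checks the id against the object's access list and records denials for monitoring.

```python
from dataclasses import dataclass, field

# Constructed sample data: barrier id -> accounts allowed to operate it.
BARRIER_ACL = {
    101: {"resident-a"},
    102: {"resident-b"},
    103: {"resident-b", "resident-c"},
}

@dataclass
class Session:
    account: str                      # set by the login step, never by the client
    denied_ids: set = field(default_factory=set)

class NotFound(Exception):
    """Raised for both unknown and unauthorized ids, so responses leak nothing."""

def open_barrier_unchecked(session: Session, barrier_id: int) -> str:
    # Flawed pattern: any logged-in account (including a test account)
    # can act on whatever numeric id the request carries.
    if barrier_id not in BARRIER_ACL:
        raise NotFound(barrier_id)
    return f"barrier {barrier_id} opened for {session.account}"

def open_barrier_checked(session: Session, barrier_id: int) -> str:
    # Object-level authorization: the requested id is honoured only if this
    # account is on the access list of that specific barrier.
    allowed = BARRIER_ACL.get(barrier_id, set())
    if session.account not in allowed:
        session.denied_ids.add(barrier_id)   # feed for monitoring
        raise NotFound(barrier_id)
    return f"barrier {barrier_id} opened for {session.account}"

def looks_like_id_probing(session: Session, threshold: int = 3) -> bool:
    # Several distinct denied ids in one session suggests identifier guessing.
    return len(session.denied_ids) >= threshold
```

The same check applies to every object type reachable by id (cameras, user records, notifications), not only to the barrier action shown here.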

In addition to remotely opening barriers, an attacker who has access to such applications can "plant" malicious code in the application code, and when a user logs in, an exploit (a type of malware that uses system vulnerabilities) will be loaded onto their device, and the attacker will gain full control over the user's device, Pavel Korostelev, head of product promotion at Security Code, told the publication.

According to Gendargenoevsky, the vulnerability could have arisen from the company's desire to develop everything on its own instead of outsourcing the process.

Perhaps the company could not cope: they wrote the code, but they could not cover many stages of its life cycle, including testing and security, he argues.[1]

Notes