Some people are rightly questioning why I'm still pursuing #cyberAlarm
A thread...
1/x
A thread...
1/x
https://twitter.com/Paul_Reviews/status/1547228189558202368
#cyberAlarm is installed in many schools, companies, a Formula 1 team and many more.
The risk it presents to those involved is enormous - I've already remotely lifted files from an internal network because they ran a vulnerable version ()
2/x
The risk it presents to those involved is enormous - I've already remotely lifted files from an internal network because they ran a vulnerable version ()
2/x
With each update, my email inbox fills with desperate network admins who want to push back against management pressure to install it, but can't argue because previous vulns may have been patched.
Because of this, I've torn CA apart 5 times and found critical flaws each time.
3/x
Because of this, I've torn CA apart 5 times and found critical flaws each time.
3/x
Now, the #cyberAlarm terms expressly prohibit any testing by third-parties; making security research a breach of their terms... despite @PoliceChiefs claiming they welcome research
4/x
4/x
The latest "major upgrade" took just 1hr to find a critical vuln on the #police server itself, allowing access to virtually any file (DB creds, backups etc)
If I (as an attacker) gain access or control of the server, I can push updates to collectors to compromise networks.
5/x
If I (as an attacker) gain access or control of the server, I can push updates to collectors to compromise networks.
5/x
Updates are fetched automatically - so an attacker now has a machine inside your network (bypassing your firewall) and can carry out a plethora of attacks; watch network traffic, pull files, trade secrets et al.
6/x
6/x
For 2 years, I've tried repeatedly to make @PoliceChiefs understand the risks but, for whatever reason, they insist on using inept amateurs to deliver a supposedly-secure product.
I've had enough of responsible disclosure; it either leads to cease & desists or nowhere.
7/x
I've had enough of responsible disclosure; it either leads to cease & desists or nowhere.
7/x
I've had enough. Network admins have had enough.
I have tried over the last 3 days to reach @MHewittNPCC to arrange a meeting - to no avail.
In just over 2hrs time (assuming no contact), I will hand over everything thus far to the media.
8/x
I have tried over the last 3 days to reach @MHewittNPCC to arrange a meeting - to no avail.
In just over 2hrs time (assuming no contact), I will hand over everything thus far to the media.
8/x
Sincere apologies to everyone bored of hearing me discuss this; trust me, I understand.
However, I stopped hounding TalkTalk in 2014 and we all know how that ended.
Bear with me, please.
However, I stopped hounding TalkTalk in 2014 and we all know how that ended.
Bear with me, please.
• • •
Missing some Tweet in this thread? You can try to
force a refresh
