The gubmint bugged by a backdoor?
Karma baby!
AMX, which supplies communications kit for the White House, US military, and several of the largest corporations, built a superhero-themed surveillance backdoor into its products. An analysis of the AMX NX-1200 communications controller by researchers at SEC Consult showed the device had a "setUpSubtleUserAccount" function. …
Almost all AMX and Crestron controllers like that one are meant to be used primarily hardwired with CrestNet or AMLink. Yes there's local network access cause people like to use their tablets as touch panels. So we install wireless access points. And yes we have backdoors cause clients and previous programmers lose their login credentials. Hardcoded passwords exist in both these brands.
The controller in question is IR relay and RS-232 primarily, network is also there but as a general rule they are never connected to an outside facing net directly. Most BOFHs don't want anything from controllers on their networks and used on dedicated networks with no web access.
A/V control is not meant to spy on anyone. It's simply meant to control A/V equipment and in debugging systems during installation we do monitor the cat5 / crestnet / AMLink wires tied to it.
But again I repeat. This is not equipment that's normally tied directly to the internet and as a programmer / designer I would never recommend to use a local network to tie it all together. It's a separate LAN with separate access points for the panels where required.
This is not a spying device. It's a controller for which we have a backdoor cause clients lose passwords :)
"Almost all..." is a dangerous qualifier right there. Add in that crossing network boundaries is something that anyone with any talent does on a regular basis (white- or black-hat) and you have a real problem there. Where you really win a prize for (pick a derogatory term) is that wireless access points are in the mix. I see vulnerabilities for everyone's gear pop up in my collection of security-fails on at least a monthly basis as well.
It may not be a spying device, really doesn't matter, if someone can hack into the system it can readily be turned into a dream spying device. Total fail.
Riddle me this:
What about the ISEC IPDC and other CDS that use the AMX to store the classified information to populate the codecs??? This is a BIG PROBLEM... Classified information everywhere and when you are routing the classified information through the AMX to the VTC to be displayed on the far end what happens then???
Right it has a backdoor, it has SSH access, so it's a remote backdoor.
So has NSA been using it? If so what stopped them using it against the executive branch? You don't put remote access in if remote access isn't the main purpose.
If the device had a bad network connection, then the SSH connection would also be broken, making the debug claim sound bogus.
What is described clearly is extremely bad practice, and SSH capability clearly enables remote access for some value of remote. That said, the vulnerability can be mitigated by firewalls or air gaps while enabling access for debugging by local staff. As always, the services have to be manageable and usable as well as secure against the expected threats. Managers never will like to sign off on risk acceptance, but those not hopelessly dense know there is risk, and accept the fact.