Megvii Koala 2.9.1-c3s architectural vulnerability on network relays
DESCRIPTION
Lack of authentication in the network relays used in MEGVII Koala 2.9.1-c3sallows attackers to grant physical access to anyone by sending packet data to UDP port 5000 of any network relays connected to doors.
The vulnerability has been submitted to ZDI on March 20, 2020 as ZDI-CAN-10793.
The vendor has acknowledged and confirmed the vulnerability and said the production has reached end-of-line while a patch is available in newer products. We are not able to confirm the vendor's statement.The vendor has published a public advisory and asks the customers to upgrade the software when it is available. Product lines impacted by similar vulnerability will have patches in August 2020.Details
Megvii Koala is a facial recognition system sold by Megvii. It is marketed towards factory, company concierge, apartment complex, etc. There are several hardware configurations, depending on the system integrator.
The weakness is in the architecture of the Megvii Koala system. The weakest link is the network relay, which has to be either HHT-NET2D or TCP-KP-I404. When an adversary has access to the internal network, one has only to send the string "on1" to UDP port 5000 of all the devices in the network to open all the doors.
The architecture, according to the instruction manual provided by the vendor, is like,
---------------------------- UDP 5000 COM/ON/OFF | --------- ------ | --------------> HHT-NET2D ------------> Door | | Backend | <---> | Edge | | | --------- ------ | <--- HTTP ----> Samsung Tablet ---------------------------- USB-C Cable
To our best knowledge, no firewall is recommended in user instruction manuals.
Vulnerability Type
CWE-862: Missing Authorization
Attack Type: Remote
Attack Vectors
To exploit vulnerability, attackers have to have access to LAN of the facial recognition access controller.
Mitigation
Deploy a firewall in front of network relays and allow UDP 5000 from Megvii edge server only.
Deny all other connections.
Discoverer
Roel Reyes, Joey Costoya, Philippe Lin, Vincenzo Ciancaglini, Morton Swimmer
Reference
Public advisory from the vendor: http://techsupport.megvii.com/hc/kb/article/1401343/
Featured Stories
- Unveiling AI Agent Vulnerabilities Part V: Securing LLM ServicesTo conclude our series on agentic AI, this article examines emerging vulnerabilities that threaten AI agents, focusing on providing proactive security recommendations on areas such as code execution, data exfiltration, and database access.Read more
- Unveiling AI Agent Vulnerabilities Part IV: Database Access VulnerabilitiesHow can attackers exploit weaknesses in database-enabled AI agents? This research explores how SQL generation vulnerabilities, stored prompt injection, and vector store poisoning can be weaponized by attackers for fraudulent activities.Read more
- The Mirage of AI Programming: Hallucinations and Code IntegrityThe adoption of large language models (LLMs) and Generative Pre-trained Transformers (GPTs), such as ChatGPT, by leading firms like Microsoft, Nuance, Mix and Google CCAI Insights, drives the industry towards a series of transformative changes. As the use of these new technologies becomes prevalent, it is important to understand their key behavior, advantages, and the risks they present.Read more
- Open RAN: Attack of the xAppsThis article discusses two O-RAN vulnerabilities that attackers can exploit. One vulnerability stems from insufficient access control, and the other arises from faulty message handlingRead more