{"id":39559,"date":"2019-09-14T08:34:07","date_gmt":"2019-09-14T12:34:07","guid":{"rendered":"https:\/\/swling.com\/blog\/?p=39559"},"modified":"2019-09-14T08:34:07","modified_gmt":"2019-09-14T12:34:07","slug":"security-vulnerability-affects-imperial-dabman-web-radios","status":"publish","type":"post","link":"https:\/\/swling.com\/blog\/2019\/09\/security-vulnerability-affects-imperial-dabman-web-radios\/","title":{"rendered":"Security vulnerability affects Imperial Dabman web radios"},"content":{"rendered":"<p><a href=\"https:\/\/swling.com\/blog\/wp-content\/uploads\/2019\/09\/Imperial-Dabman-e1568464394222.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-39560\" src=\"https:\/\/swling.com\/blog\/wp-content\/uploads\/2019\/09\/Imperial-Dabman-1024x558.jpg\" alt=\"\" width=\"625\" height=\"341\" \/><\/a><\/p>\n<p>Many thanks to <em>SWLing Post<\/em> contributor, Ed, who writes:<\/p>\n<blockquote><p>I&#8217;m wondering if SWLing Post readers who use Imperial Dabman web radios might want to read about this serious security vulnerability.<\/p>\n<p>(Source: <a href=\"https:\/\/threatpost.com\/million-iot-radios-hijack-telnet-backdoor\/148123\/\" target=\"_blank\" rel=\"noopener noreferrer\">Threat Post<\/a>)<\/p>\n<p style=\"padding-left: 40px;\">Attackers can drop malware, add the device to a botnet or send their own audio streams to compromised devices.<\/p>\n<p style=\"padding-left: 40px;\">Imperial Dabman IoT radios have a weak password vulnerability that could allow a remote attacker to achieve root access to the gadgets\u2019 embedded Linux BusyBox operating system, gaining control over the device. 
Adversaries can deliver malware, add a compromised radio to a botnet, send custom audio streams to the device, listen to all station messages as well as uncover the Wi-Fi password for any network the radio is connected to.<\/p>\n<p style=\"padding-left: 40px;\">The issue (CVE-2019-13473) exists in an always-on, undocumented Telnet service (Telnetd) that connects to Port 23 of the radio. The Telnetd service uses weak passwords with hardcoded credentials, which can be cracked using simple brute-forcing tactics. From there, an attacker can gain unauthorized access to the radio and its OS.<\/p>\n<p style=\"padding-left: 40px;\">In testing, researchers said that the password compromise took only about 10 minutes using an automated \u201cncrack\u201d script \u2013 perhaps because the hardcoded password was simply, \u201cpassword.\u201d<\/p>\n<\/blockquote>\n<p style=\"text-align: center;\"><a href=\"https:\/\/threatpost.com\/million-iot-radios-hijack-telnet-backdoor\/148123\/\" target=\"_blank\" rel=\"noopener noreferrer\">Click here to read the full article at Threat Post.<\/a><\/p>\n<p>Thank you for the tip, Ed!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Many thanks to SWLing Post contributor, Ed, who writes: I&#8217;m wondering if SWLing Post readers who use Imperial Dabman web radios might want to read about this serious security vulnerability. (Source: Threat Post) Attackers can drop malware, add the device to a botnet or send their own audio streams to compromised devices. 
Imperial Dabman IoT [&hellip;]<\/p>\n","protected":false},"author":15,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[3,4652],"tags":[8002,999,4112],"class_list":["post-39559","post","type-post","status-publish","format-standard","hentry","category-news","category-wifi-radio","tag-imperial-dabman","tag-internet-radio","tag-web-radio"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/pn3uc-ai3","jetpack-related-posts":[{"id":40186,"url":"https:\/\/swling.com\/blog\/2019\/10\/1961-film-tuning-in-radio-sarawak\/","url_meta":{"origin":39559,"position":0},"title":"1961 Film: &#8220;Tuning In Radio Sarawak&#8221;","author":"Thomas","date":"October 16, 2019","format":false,"excerpt":"Many thanks to SWLing Post contributor, Adid, who writes: Hi Thomas, I just watched this very interesting DX film about RADIO SARAWAK. It's a behind the scenes look at radio in the tropics, with great vintage gear. 
I don't think it was FM as it's was much expensive and coverage\u2026","rel":"","context":"In &quot;News&quot;","block_context":{"text":"News","link":"https:\/\/swling.com\/blog\/category\/news\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/swling.com\/blog\/wp-content\/uploads\/2019\/10\/Screen-Shot-2019-10-16-at-07.18.06.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/swling.com\/blog\/wp-content\/uploads\/2019\/10\/Screen-Shot-2019-10-16-at-07.18.06.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/swling.com\/blog\/wp-content\/uploads\/2019\/10\/Screen-Shot-2019-10-16-at-07.18.06.jpg?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/swling.com\/blog\/wp-content\/uploads\/2019\/10\/Screen-Shot-2019-10-16-at-07.18.06.jpg?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":50265,"url":"https:\/\/swling.com\/blog\/2021\/10\/looking-for-firmware-files-dont-download-unless-you-know-the-source\/","url_meta":{"origin":39559,"position":1},"title":"Looking for firmware files? Don&#8217;t download unless you know the source!","author":"Thomas","date":"October 1, 2021","format":false,"excerpt":"A quick PSA from SWLing Post HQ... Many of our modern receivers, transceivers, and SDRs allow us to perform firmware updates in order to upgrade product functionality and even fix known bugs. I try to keep the latest firmware on all of my radios. 
With that said, always go to\u2026","rel":"","context":"In &quot;Ham Radio&quot;","block_context":{"text":"Ham Radio","link":"https:\/\/swling.com\/blog\/category\/ham-radio\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/swling.com\/blog\/wp-content\/uploads\/2019\/11\/Malahit-dsp.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/swling.com\/blog\/wp-content\/uploads\/2019\/11\/Malahit-dsp.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/swling.com\/blog\/wp-content\/uploads\/2019\/11\/Malahit-dsp.jpg?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/swling.com\/blog\/wp-content\/uploads\/2019\/11\/Malahit-dsp.jpg?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":34812,"url":"https:\/\/swling.com\/blog\/2018\/11\/wellington-brewerys-uvb-76-imperial-stout-series\/","url_meta":{"origin":39559,"position":2},"title":"Wellington Brewery&#8217;s UVB-76 Imperial Stout Series","author":"Thomas","date":"November 12, 2018","format":false,"excerpt":"(Source: Canadian Beer News via Richard Cuff) GUELPH, ON \u2013 Wellington Brewery has announced details of a second annual set of bourbon barrel-aged imperial stouts that are due for release later this month. 
UVB-76 (11.9% abv) takes its name from a mysterious shortwave radio station that broadcasts a repeating buzz\u2026","rel":"","context":"In &quot;News&quot;","block_context":{"text":"News","link":"https:\/\/swling.com\/blog\/category\/news\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/swling.com\/blog\/wp-content\/uploads\/2018\/11\/UVB76-Beer-Launch-Party-e1542020883953.jpeg?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":3068,"url":"https:\/\/swling.com\/blog\/2012\/03\/rethinking-internet-radio-part-one\/","url_meta":{"origin":39559,"position":3},"title":"Rethinking Internet Radio, Part One","author":"Thomas","date":"March 26, 2012","format":false,"excerpt":"At the SWLfest this year, I attended a forum about web\/Internet radio that resulted in my reconsideration (and, frankly, increased appreciation) of this now-conventional medium. If you're already familiar with web radio, you may find this post a bit primary in nature; but if, like me, you hadn't given the\u2026","rel":"","context":"In &quot;Articles&quot;","block_context":{"text":"Articles","link":"https:\/\/swling.com\/blog\/category\/articles\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/swling.com\/blog\/wp-content\/uploads\/2012\/03\/webradio.png?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":59089,"url":"https:\/\/swling.com\/blog\/2024\/02\/radioside-a-cool-web-based-portable-internet-radio-interface\/","url_meta":{"origin":39559,"position":4},"title":"RadioSide: A cool, web-based, portable internet radio interface","author":"Thomas","date":"February 24, 2024","format":false,"excerpt":"Many thanks to SWLing Post contributor, Alex, who writes: Thomas, I am Alex and a reader of SWLing for quite a while, particularly in terms of reviews and tests, very helpful and I appreciate your work. 
As a listener myself enjoying my Tecsun PL-680 among others, I have also created\u2026","rel":"","context":"In &quot;New Products&quot;","block_context":{"text":"New Products","link":"https:\/\/swling.com\/blog\/category\/new-products\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/swling.com\/blog\/wp-content\/uploads\/2024\/02\/RadioSide-1.jpeg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/swling.com\/blog\/wp-content\/uploads\/2024\/02\/RadioSide-1.jpeg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/swling.com\/blog\/wp-content\/uploads\/2024\/02\/RadioSide-1.jpeg?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/swling.com\/blog\/wp-content\/uploads\/2024\/02\/RadioSide-1.jpeg?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/swling.com\/blog\/wp-content\/uploads\/2024\/02\/RadioSide-1.jpeg?resize=1050%2C600&ssl=1 3x"},"classes":[]},{"id":37911,"url":"https:\/\/swling.com\/blog\/2019\/05\/aggregation-aggravation-update-frontier-silicon-working-on-favorites-and-personal-streams\/","url_meta":{"origin":39559,"position":5},"title":"Aggregation aggravation update: Frontier Silicon working on Favorites and Personal Streams","author":"Thomas","date":"May 23, 2019","format":false,"excerpt":"One of the hottest topics here on the SWLing Post this month is regarding Frontier Silicon and vTuner \"aggregation aggravation.\" Let me explain. Earlier this month, Frontier Silicon abruptly dropped vTuner as its radio stream aggregator after vTuner CEO Peter Johnson shut off the service. 
Johnson stated here on the\u2026","rel":"","context":"In &quot;News&quot;","block_context":{"text":"News","link":"https:\/\/swling.com\/blog\/category\/news\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/swling.com\/blog\/wp-content\/uploads\/2016\/08\/Sangean-WFR-28-Front.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/swling.com\/blog\/wp-content\/uploads\/2016\/08\/Sangean-WFR-28-Front.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/swling.com\/blog\/wp-content\/uploads\/2016\/08\/Sangean-WFR-28-Front.jpg?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/swling.com\/blog\/wp-content\/uploads\/2016\/08\/Sangean-WFR-28-Front.jpg?resize=700%2C400&ssl=1 2x"},"classes":[]}],"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/swling.com\/blog\/wp-json\/wp\/v2\/posts\/39559","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/swling.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/swling.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/swling.com\/blog\/wp-json\/wp\/v2\/users\/15"}],"replies":[{"embeddable":true,"href":"https:\/\/swling.com\/blog\/wp-json\/wp\/v2\/comments?post=39559"}],"version-history":[{"count":0,"href":"https:\/\/swling.com\/blog\/wp-json\/wp\/v2\/posts\/39559\/revisions"}],"wp:attachment":[{"href":"https:\/\/swling.com\/blog\/wp-json\/wp\/v2\/media?parent=39559"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/swling.com\/blog\/wp-json\/wp\/v2\/categories?post=39559"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/swling.com\/blog\/wp-json\/wp\/v2\/tags?post=39559"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}