KiwiSDR is a software-defined radio that monitors transmissions in a local area and streams them over the Internet. Its predominantly hobbyist user base does all sorts of cool things with the playing-card-sized devices. For example, a user in Manhattan can connect one to the Internet so that people in Madrid, Spain, and Sydney, Australia, can listen to AM and CB radio conversations and watch lightning storms in Manhattan.
On Wednesday, users learned that for years the device had been equipped with a backdoor that allowed the KiwiSDR authors (and possibly others) to log in to the device with administrative system privileges. The remote administrator could then change the configuration, not only of the KiwiSDR but in many cases of the Raspberry Pi, BeagleBone Black, or other computing device to which the SDR hardware is connected.
Big trust problem
Signs of the KiwiSDR backdoor date back to at least 2017. The backdoor was recently removed under unclear circumstances. Despite the removal, users remain rattled, because the device runs as root on the connected computing device and often has access to other devices on the same network.
“It’s a big trust issue,” a user with the handle xssfox told me. “I was completely unaware that there was a backdoor. It’s very disappointing to see developers add backdoors and actively use them without their consent.”
In my case, KiwiSDR is hosted at a remote site where other radio experiments are running. They would have gained access to them. Other KiwiSDR users may use other people’s/corporate networks to set up remotely or on their home network. It’s like a surveillance camera backdoor/exploit, but smaller [and] only amateur radio people.
Software defined radio uses software to process radio signals rather than the standard hardware found in traditional radio equipment. KiwiSDR connects to embedded computers, which share local signals with a much wider range of people.
The backdoor is simple enough. A few lines of code allow the developer to remotely access any device by entering its URL in a browser and appending a password to the end of the address. From there, the person using the backdoor can reconfigure not only the radio device but, by default, also the underlying computing device on which it is running. Here is a video of xssfox using the device backdoor to gain root access to the BeagleBone.
A quick video showing how the kiwisdr backdoor works.
We also tested that touch /root/kiwi.config/opt.no_console alleviates the problem.
— Xssfox (@xssfox) July 15, 2021
“The SDR … seems to be connected to the BeagleBone Arm Linux board,” HD Moore, a security expert and CEO of the network detection platform Rumble, told me. “This shell is on that Linux board. If compromised, it could break into your network.”
The backdoor is alive
According to xssfox, access to the underlying computing device (and possibly other devices on the same network) is possible as long as a setting called “console access” is turned on, as it is by default. Turning off that access requires a change in either the management interface or a configuration file, which many users are unlikely to have made. In addition, many devices are rarely updated. As a result, even though the KiwiSDR developer has removed the offending code, the backdoor lives on in devices and leaves them vulnerable to hijacking.
Software submissions and technical documentation such as this one name the KiwiSDR developer as John Seamons. Seamons did not reply to emails asking for comment on this post.
Another troubling aspect of the backdoor is that, as noted by engineer user Mark Jessop, it communicated over an HTTP connection, exposing the plaintext password and data over the backdoored network to anyone who could monitor traffic in and out of the device.
However, given that KiwiSDR is HTTP only, I’m a little worried about sending what is essentially a “master” password in clear text. KiwiSDR does not support HTTPS and is said to not support HTTPS. (Handling certificates is also a PITA)
— Mark Jessop (@vk5qi) July 14, 2021
KiwiSDR users who want to check whether their device has been accessed remotely can do so by running the following command:
zgrep -- "PWD admin" /var/log/messages*
There is no sign that anyone used the backdoor to do anything malicious, but the very existence of this code, and its apparent use over the years to access user devices without permission, is itself a security breach, and a troubling one in its own right. At a minimum, users should inspect their devices and networks for signs of compromise and upgrade to v1.461. The truly paranoid should consider unplugging the device until more details are available.
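The log check and the opt.no_console mitigation mentioned above can be combined into one audit script. This is an added example, not code from the article or the KiwiSDR project; the function names and the `--audit` flag are hypothetical, and it matches only the "PWD admin" string quoted above without assuming anything else about the log line layout.

```shell
#!/bin/sh
# Added example: audit a KiwiSDR host for admin-password log lines and the
# opt.no_console marker. Default paths are the ones quoted in the article.

# Print every line containing "PWD admin" from messages* (plain or gzipped),
# prefixed with the file it came from. Only that string is matched; the
# rest of the log line layout is not assumed.
kiwi_admin_hits() {
    logdir=${1:-/var/log}
    for f in "$logdir"/messages*; do
        [ -f "$f" ] || continue
        case "$f" in
            *.gz) gzip -cd -- "$f" ;;
            *)    cat -- "$f" ;;
        esac | awk -v n="${f##*/}" 'index($0, "PWD admin") { print n ": " $0 }'
    done
}

# Number of matching lines across all rotated logs.
kiwi_admin_hit_count() {
    kiwi_admin_hits "$1" | wc -l | tr -d ' '
}

# Succeeds if the marker file that turns off console access exists.
kiwi_console_disabled() {
    [ -e "${1:-/root/kiwi.config}/opt.no_console" ]
}

# Full report; exit status 0 only when no admin-password lines were found.
kiwi_audit() {
    logdir=${1:-/var/log}
    confdir=${2:-/root/kiwi.config}
    n=$(kiwi_admin_hit_count "$logdir")
    echo "admin password log lines: $n"
    kiwi_admin_hits "$logdir"
    if kiwi_console_disabled "$confdir"; then
        echo "console access: opt.no_console present"
    else
        echo "console access: opt.no_console missing, run: touch $confdir/opt.no_console"
    fi
    [ "$n" -eq 0 ]
}

# Hypothetical flag so the file can be sourced without side effects.
if [ "${1:-}" = "--audit" ]; then kiwi_audit; fi
```

Run it as root on the board hosting the KiwiSDR with `sh kiwi_audit.sh --audit`; any reported lines should be compared against the times the owner logged in as admin.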
Source: https://arstechnica.com/?p=1780666 (“For years, a backdoor in the popular KiwiSDR product gave root to project developers”)