Nice Recording eXpress lawful intercept solution is flawed

Researchers at SEC Consult Vulnerability Lab discovered that Nice Recording eXpress lawful intercept software contains numerous flaws, including a backdoor.

Nice Recording eXpress voice-recording package software used by law enforcement to intercept communications of suspects under investigation contains various flaws, this is the discovery of security researchers at SEC Consult Vulnerability Lab.

The researchers have recently published an advisory to describe the flaws and warn that critical weaknesses could expose users to attacks that compromise investigations and the security of the agency networks.

“Attackers are able to completely compromise the voice recording/surveillance solution as they can gain access to the system and database level and listen to recorded calls without prior authentication,” “Furthermore, attackers would be able to use the voice recording server as a jump host for further attacks of the internal voice VLAN [virtual local area network], depending on the network setup.” said the researchers. 

The experts have found the vulnerabilities in the NICE Recording eXpress version 6.3.5, and according to the release notes published by the vendor all previous releases are affected too and only partial fixes have been released.

Among the numerous weaknesses of the lawful interception solution, provided by Israel-based Nice Systems and used by law enforcement, there is a worrying undocumented backdoor protected with a hardcoded password.

“1) root backdoor account (REC-5180 SR1093984 – subtask REC-5424)

The MySQL database table “usr” contains a “root” user with USRKEY / user id 1 with administrative access rights. This user account does NOT show up within the “user administration” menu when logged in as administrator user account in the web interface. Hence the password can’t be changed there. As a side note: Password hashes are shown in the user administration menu for each user within HTML source code.” reported the SEC Consult Vulnerability Lab researchers.

Apart the root backdoor account, many other vulnerabilities were discovered by the researchers, including:

  • unauthenticated access to sensitive files and voice recordings
  • multiple cross-site scripting flaws which allow attackers to obtain or impersonate other users’ sessions
  • multiple SQL injection flaws which allow attackers to access records
  • unauthenticated access which allows attackers to delete or modify data
  • low-privileged user access to other users’ sensitive data

The researchers are inviting the authorities to stop using the Nice Recording eXpress voice-recording package, they advised customers not use the solution “until a thorough security review has been performed by security professionals and all identified issues have been resolved.”

The Israeli company provided “mission-critical lawful interception solutions to support the fight against organized crime, drug trafficking and terrorist activities“, it serves also forensic investigators, banks, utilities, and healthcare providers.

n1

“NICE Recording eXpress is designed specifically for the audio recording needs of the small and medium sized Public Safety organisation. This advanced recording solution offers a comprehensive, advanced, easy-to-install and affordable platform built for the Public Safety environment and Command and Control operations delivering optimal recording functionality and quality management.” 

The researchers have contacted Nice representatives, but since two weeks ago they didn’t respond.

Due the high sensitive information managed by Nice Recording eXpress and its use, it is easy to predict that a large number of attackers will try to exploit the flaws.

Pierluigi Paganini

(Editor-In-Chief, CDM)

rsa-logo

 

 

FAIR USE NOTICE: Under the "fair use" act, another author may make limited use of the original author's work without asking permission. Pursuant to 17 U.S. Code § 107, certain uses of copyrighted material "for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright." As a matter of policy, fair use is based on the belief that the public is entitled to freely use portions of copyrighted materials for purposes of commentary and criticism. The fair use privilege is perhaps the most significant limitation on a copyright owner's exclusive rights. Cyber Defense Media Group is a news reporting company, reporting cyber news, events, information and much more at no charge at our website Cyber Defense Magazine. All images and reporting are done exclusively under the Fair Use of the US copyright act.

Global InfoSec Awards 2022

We are in our 10th year, and these awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.

APPLY NOW

10th Anniversary Exclusive Top 100 CISO Conference & Innovators Showcase

X