Cyber Security News

Thinkware Cloud APK Vulnerability Allows Code Execution With Elevated Privileges

A critical vulnerability identified as CVE-2024–53614 has been discovered in the Thinkware Cloud APK version 4.3.46.

This vulnerability arises from the use of a hardcoded decryption key within the application. It allows malicious actors to access sensitive data and execute arbitrary commands with elevated privileges, potentially compromising the security of users’ devices and data.

The presence of a hardcoded key, which is a serious security flaw, means that attackers can easily decrypt data transferred between the app and the cloud service.

This can expose personal information, including login credentials, which could then be exploited to gain unauthorized access to the cloud service containing sensitive video and audio footage from dashcams, as per a report by George Chen shared in Medium.

Free Webinar on Best Practices for API vulnerability & Penetration Testing:  Free Registration

The vulnerability was responsibly disclosed to Thinkware on November 12, 2024. The disclosure was made through Thinkware’s PSTI vulnerability disclosure program under support ticket #132091.

Thinkware acknowledged the report on November 13, 2024, and confirmed that it had been forwarded to their mobile app development team for assessment.

A request for public disclosure of the vulnerability was initiated on November 19, 2024, and Thinkware was informed that the report would be shared with MITRE to ensure appropriate tracking and awareness.

Vulnerability Details:

The vulnerability is categorized under CWE-321: Use of Hard-coded Cryptographic Key.

This type of flaw indicates that the cryptographic key is embedded directly in the application code rather than being securely managed, allowing attackers to easily obtain the key and decrypt sensitive data.

For security reasons, the specific component affected within the Thinkware Cloud APK has been redacted. However, it is important for users and organizations relying on this application to be aware of the potential risks associated with this vulnerability.

The specific version of the Thinkware Cloud APK affected by this vulnerability is version 4.3.46. Users running this version are at risk and should take immediate action to secure their data and systems.

The attack vector involves a man-in-the-middle (MitM) scenario where an attacker intercepts the encrypted login data exchanged between the user and the Thinkware cloud service.

By leveraging the hardcoded decryption key, the attacker can decrypt the data to reveal login credentials, thereby gaining unauthorized access to sensitive data, such as video and audio footage captured by Thinkware’s dashcams.

To mitigate this vulnerability, users are advised to update to the latest version of the Thinkware Cloud APK as soon as an update is released. Developers should also remove hardcoded keys and implement secure key management practices.

Additionally, users should be cautious about using unsecured or public networks where MitM attacks are more likely to occur.

Analyse Real-World Malware & Phishing Attacks With ANY.RUN - Get up to 3 Free Licenses

Divya

Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Recent Posts

Hackers Exploiting California Wildfire Sparks to Launching Phishing Attacks

As California grapples with devastating wildfires, communities are rallying to protect lives and property. Unfortunately,…

13 hours ago

AIRASHI Botnet Exploiting 0-Day Vulnerabilities In Large Scale DDoS Attacks

AISURU botnet launched a DDoS attack targeting Black Myth: Wukong distribution platforms in August 2024…

14 hours ago

New Botnet Exploiting DNS Records Misconfiguration To Deliver Malware

Botnets are the networks of compromised devices that have evolved significantly since the internet's inception.…

14 hours ago

FTC Slams GoDaddy For Not Implement Standard Security Practices Following Major Breaches

The Federal Trade Commission (FTC) has announced that it will require GoDaddy Inc. to develop…

14 hours ago

Thousands of PHP-based Web Applications Exploited to Deploy Malware

A significant cybersecurity threat has emerged, threatening the integrity of thousands of PHP-based web applications.…

15 hours ago

W3 Total Cache Plugin Vulnerability Let Attackers Gain Unauthorized Access to Sensitive Data

A significant security vulnerability has been identified in the W3 Total Cache plugin for WordPress,…

17 hours ago