Remote code execution attack at Stem smart speakers allows eavesdropping on users’ conversations

The increase in the use of technological implementations such as smart speakers, in conjunction with the growing need to use videoconferencing platforms, has resulted in the emergence of new security risks related to Internet of Things (IoT) technology. In a recent investigation, Grimm experts managed to hack a Steam Audio Table smart speaker to demonstrate the risks inherent in the processors built into these devices.

“Any user might think that these devices are made up of very basic components; in fact, they are complex machines with extensive functionalities, which allow the appearance of a wide attack surface,” says the research.

During the analysis of the device, the researchers discovered that they could carry out a remote code execution attack, which would allow them to evade the security mechanisms on the device and spy on the chat and video call sessions of the compromised users. Apparently, this fault exists because of a stack-based buffer overflow.

Experts also discovered a command injection flaw that exists due to insufficient disinfection of user-supplied inputs. It is important to mention that the flaws were corrected in the most recent Stem Audio update. A control interface authentication vulnerability and various weaknesses in encryption were also discovered during testing in Stem Audio Table. All problems identified were reported to Shure, owner of the Stem brand.

Grimm experts say these flaws are very common in IoT devices: “Although Stem has already addressed these issues, the flaws identified in this process follow similar patterns to those discovered in other similar devices, which could put at risk some videoconferencing sessions, VoIP tools, internet-connected cameras and other IoT devices.”

As a security measures, organizations can protect themselves by following very simple mitigations, such as disconnecting devices when they are not in use and connecting them through USB workstations instead of connecting them to the enterprise network, advise the experts at Grimm.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.