One2Track 2019-12-08 Information Disclosure
2024-7-30 20:35:43 Author: packetstormsecurity.com

[Suggested description]
An issue was discovered on One2Track 2019-12-08 devices.
Confidential information is needlessly stored on the smartwatch. Audio
files are stored in .amr format, in the audior directory. An attacker
who has physical access can retrieve all audio files by connecting via
a USB cable.
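
A retention check for the storage described above, as an added example that is not part of the advisory or the vendor's code: it walks a local copy of the watch storage and reports AMR files by their RFC 4867 magic bytes, so a tester can verify that a firmware fix no longer leaves voice messages behind. The function names and the sample files are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# Single-channel AMR storage-format magics (RFC 4867).
AMR_MAGICS = [(b"#!AMR-WB\n", "AMR-WB"), (b"#!AMR\n", "AMR-NB")]

def classify(path):
    """Return the AMR variant when the file content starts with an AMR magic."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(16)
    except OSError:
        return None  # unreadable entry: skip rather than abort the audit
    for magic, name in AMR_MAGICS:
        if head.startswith(magic):
            return name
    return None

def audit_retained_audio(root):
    """List AMR audio left in a copy of device storage (hypothetical helper).

    Matching is by content first, so a recording stored under another
    extension is still reported; a bare .amr name with no magic is flagged too.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            full = Path(dirpath) / fname
            variant = classify(full)
            if variant or full.suffix.lower() == ".amr":
                rel = full.relative_to(root).as_posix()
                findings.append((rel, variant or "extension-only", full.stat().st_size))
    return sorted(findings)

def build_sample(root):
    """Constructed sample tree, not real device data; 'audior' is the directory named above."""
    audio_dir = Path(root) / "audior"
    audio_dir.mkdir(parents=True)
    (audio_dir / "msg1.amr").write_bytes(b"#!AMR\n" + b"\x00" * 32)
    (audio_dir / "cache.bin").write_bytes(b"#!AMR-WB\n" + b"\x00" * 32)
    (audio_dir / "stub.amr").write_bytes(b"")
    (Path(root) / "settings.txt").write_bytes(b"volume=3\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for rel, variant, size in audit_retained_audio(tmp):
            print(f"{rel}\t{variant}\t{size} bytes")
```

An empty result on a copy taken after messages were played back is the pass condition; any listed entry is audio still held at rest.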

------------------------------------------

[VulnerabilityType Other]
Voice conversations leaked to physical attackers.

------------------------------------------

[Vendor of Product]
One2Track

------------------------------------------

[Affected Product Code Base]
one2track - up-to-date version as of 12-8-2019 (no exact version number)

------------------------------------------

[Affected Component]
Local smartwatch storage

------------------------------------------

[Attack Type]
Physical

------------------------------------------

[Impact Information Disclosure]
true

------------------------------------------

[Attack Vectors]
An attacker must physically have access to the One2Track software.
Once this access has been obtained, audio messages sent to the
smartwatch can be retrieved from the local storage.

------------------------------------------

[Has vendor confirmed or acknowledged the vulnerability?]
true

------------------------------------------

[Discoverer]
Dennis van Warmerdam, Jasper Nota, Jim Blankendaal

------------------------------------------

[Reference]
https://www.one2track.nl

Use CVE-2019-20469.


Source: https://packetstormsecurity.com/files/179818/one2track-disclose.txt