1/3/2024 0 Comments Imagecast softwareAn attacker with physical access may use this to gain administrative privileges on a device and install malicious code or perform arbitrary administrative actions. The authentication mechanism used by technicians on the tested version of ImageCast X is susceptible to forgery.An attacker could leverage this vulnerability to escalate privileges on a device and/or install malicious code. Applications on the tested version of ImageCast X can execute code with elevated privileges by exploiting a system level service. ![]() An attacker could leverage this vulnerability to spread malicious code to ImageCast X devices from the EMS. The tested version of ImageCast X can be manipulated to cause arbitrary code execution by specially crafted election definition files.The tested version of ImageCast X allows for rebooting into Android Safe Mode, which allows an attacker to directly access the operating system.The tested version of ImageCast X has a Terminal Emulator application which could be leveraged by an attacker to gain elevated privileges on a device and/or install malicious code.An attacker could leverage this vulnerability to disguise malicious applications on a device. The tested version of ImageCast X’s on-screen application hash display feature, audit log export, and application export functionality rely on self-attestation mechanisms.The tested version of ImageCast X does not validate application signatures to a trusted root certificate. ![]() The security vulnerabilities are listed below: The security vulnerabilities justify the concerns of election observers who pointed out that admin rights could be used to override security features and that the system could potentially be hijacked due to “spoofing.” It is important to go beyond the advisery document itself to get a clear picture of the vulnerability. The vulnerability overview lists nine different security concerns. The report states that the security advisery affects the following versions of the Dominion Voting Systems ImageCast X software are known to be affected (other versions were not able to be tested): ImageCast X firmware based on Android 5.1, as used in Dominion Democracy Suite Voting System Version 5.5-A and ImageCast X application Versions 5.5.10.30 and 5.5.10.32, as used in Dominion Democracy Suite Voting System Version 5.5-A.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |