Many Canadian Telecom Providers Were Affected By SOLEO IP Relay Vulnerability

Once again, the telecommunication sector has been threatened by a major cybersecurity issue. This time, the affectees include several Internet Service Providers (ISPs) from Canada. Reportedly, a vulnerability in the SOLEO IP Relay affected these ISPs as all of them ran the same vulnerable software. However, by applying Soleo’s patch, these ISPs are now safe. (Yet, the story doesn’t end there!)

Security Vulnerability In SOLEO IP Relay Threatened Major Canadian ISPs

Researchers at Project Insecurity have discovered a security flaw in SOLEO IP Relay. They published a detailed white paper about a zero-day vulnerability in the software and informed everyone about it via a tweet.

Reportedly, two researchers, Dominik Penner and Manny Mand, published a detailed vulnerability report lately, in which they explained their findings. The researchers discovered a local file disclosure vulnerability in the TRS (Telecommunications Relay Services), or the IP-Relay powered by Soleo Communications.

As stated in their vulnerability report,

“This vulnerability exists due to the fact that there is improper sanitization on the “page” GET parameter in servlet/IPRelay… A determined attacker (APT/foreign entity) could leverage this vulnerability to steal passwords from configuration files across multiple providers.”

Explaining further about the impact of this vulnerability, the researchers state,

“Within the source code lies passwords which allow the servlet to communicate with other services, such as SQL/LDAP. An attacker could extract these passwords from within the source files, and further escalate their privileges on the server or even use said information in a social engineering attack. The end result could be escalated to yield remote code execution.”

Ip-Relay or TRS enables people with speech and hearing disabilities to make calls through Teletypewriters (TTY) or other assistive devices.

Numerous Canadian ISPs Affected

In their report, the researchers state that they noticed the number of people affected by the vulnerability was constantly increasing. Hence, they analyzed further to reveal the exact list of affected ISPs in Canada.

“By utilizing Google dorks, we were able to determine that there were at least ​ten ​other Internet Service Providers in Canada that were running the same vulnerable instance of Soleo’s IP Relay. Interestingly enough six out of the ten vulnerable ISPs were actually the largest telecom providers in Canada.”

Below we share the list of affected Canadian ISPs as listed by the researchers.

Allegedly, the impact of this vulnerability over the above-listed ISPs could result in a compromise of “30 million Canadian records”. Therefore, the researchers decided to disclose the list keeping in mind the security of Canadian citizens.

Vulnerability Patched – Yet Vendors Refused Disclosure

Researchers reported the vulnerability to SOLEO on July 17, 2018. They sent several emails in subsequent days and even tried to reach a SOLEO official via LinkedIn. Consequently, on August 10, 2018, the vendors confirmed that they have released a patch. Nonetheless, they didn’t confirm any disclosure timeline. As mentioned in their report,

“Vendor confirms patch, refuses to establish disclosure timeline despite multiple attempts.”

Project Insecurity officials say in a tweet that they will publish a blog soon about the report. They will supposedly disclose their reasons for public disclosure of the vulnerability.

We shall wait to hear more details about the matter. Especially, the reasoning that made vendors refuse public disclosure. Considering the fact that the vulnerability affected almost all major Canadian telcos, hiding or the intention of hiding such instances from the public sounds suspicious.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients