In the world of network infrastructure, security is a non-negotiable priority. However, Claroty's Team82, a cybersecurity research team, has uncovered 10 vulnerabilities in Ruijie Networks’ Reyee cloud management platform that highlight significant risks. These vulnerabilities, if exploited, could allow malicious attackers to execute code on cloud-connected devices, affecting tens of thousands of systems globally. Even more concerning is a newly devised attack, dubbed "Open Sesame," which leverages these vulnerabilities for targeted exploitation, granting access to internal networks with alarming ease.
The Impact of Ruijie’s Vulnerabilities
Ruijie Networks is a prominent global provider of networking products, including switches, wireless access points, and cloud management solutions. Their Reyee platform allows users to remotely manage network devices, a convenience that also introduces risks if not properly secured. According to Team82, these vulnerabilities affect both the Reyee platform and the operating system (Reyee OS) powering Ruijie’s devices.
"The vulnerabilities we discovered could enable an attacker to execute arbitrary code on any cloud-connected device," Team82 revealed. This could lead to attackers taking full control of devices, creating botnets, or breaching sensitive networks.
How Open Sesame Works
The Open Sesame attack shows how these vulnerabilities can be combined. It begins with an attacker sniffing Wi-Fi beacon messages sent by a nearby Ruijie access point. These beacon messages, used to broadcast the network’s presence, inadvertently expose the device’s serial number, a critical identifier used by Ruijie for authentication.
Using this serial number, an attacker can exploit vulnerabilities in Ruijie’s MQTT communication protocol. By impersonating the cloud platform, they can send malicious commands to the targeted device, resulting in full remote code execution. Once compromised, the attacker gains access to the device’s internal network, bypassing traditional Wi-Fi security measures.
Flaws in MQTT Implementation
MQTT, a messaging protocol often used for IoT devices, is at the heart of Ruijie’s cloud communication system. Team82 found that Ruijie’s devices use a predictable method for generating MQTT credentials, based on their serial numbers. This predictable scheme, combined with exposed serial numbers, opens the door for attackers to authenticate themselves as legitimate devices.
"We were able to subscribe to cloud communication topics and receive thousands of messages from devices worldwide," Team82 noted. These messages revealed serial numbers for all connected devices, further exposing the ecosystem to exploitation.
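The two broker-side controls that counter the flaws described in this section, as an added example that is not Ruijie's or Team82's code: device secrets that are random rather than derived from the serial number, and a per-device topic ACL that rejects wildcard subscriptions. The topic layout `devices/<serial>/cmd` and `devices/<serial>/telemetry`, the class and function names, and the sample serial are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class DeviceRegistry:
    """Cloud-side store of MQTT credentials (hypothetical helper)."""

    def __init__(self):
        self._digests = {}  # serial -> SHA-256 digest of the device secret

    def provision(self, serial):
        # The secret is 256 random bits, so knowing the serial (which the
        # article says leaks in Wi-Fi beacons) reveals nothing about it.
        secret = secrets.token_urlsafe(32)
        # A fast hash is acceptable only because the secret is high-entropy.
        self._digests[serial] = hashlib.sha256(secret.encode()).digest()
        return secret  # written to the device once, never stored in clear

    def authenticate(self, serial, secret):
        expected = self._digests.get(serial)
        if expected is None:
            return False
        got = hashlib.sha256(secret.encode()).digest()
        return hmac.compare_digest(got, expected)


def topic_allowed(serial, topic, action):
    """Per-device ACL over an assumed layout: devices/<serial>/{cmd,telemetry}."""
    if "#" in topic or "+" in topic:
        return False  # no wildcard subscriptions across other devices
    levels = topic.split("/")
    if len(levels) != 3 or levels[0] != "devices" or levels[1] != serial:
        return False  # a device may only touch its own namespace
    if action == "subscribe":
        return levels[2] == "cmd"  # commands flow cloud -> device
    if action == "publish":
        return levels[2] == "telemetry"  # device can never publish commands
    return False


if __name__ == "__main__":
    reg = DeviceRegistry()
    key = reg.provision("SN-CONSTRUCTED-0001")  # constructed sample serial
    print(reg.authenticate("SN-CONSTRUCTED-0001", key))
    print(reg.authenticate("SN-CONSTRUCTED-0001", "SN-CONSTRUCTED-0001"))
    print(topic_allowed("SN-CONSTRUCTED-0001", "devices/#", "subscribe"))
```

With these two checks in place, a leaked serial number is only a name: it neither authenticates a client nor widens what an authenticated client can read or publish.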
Mitigating the Risks
Ruijie Networks has responded swiftly to Team82’s findings, addressing all vulnerabilities in their cloud infrastructure. Importantly, no action is required from users to implement these fixes. Ruijie’s collaboration with cybersecurity experts and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) highlights a proactive approach to resolving these issues.
"We acknowledge Ruijie Networks and CISA for their cooperation in addressing these vulnerabilities, which enhances the protection of the Reyee OS platform," said Team82.
Lessons for the IoT Landscape
The Ruijie vulnerabilities serve as a stark reminder of the challenges posed by IoT devices and cloud-managed platforms. The increasing reliance on cloud-enabled management introduces convenience but also expands the attack surface. Ensuring robust authentication mechanisms, encrypting sensitive identifiers, and securing communication protocols are essential steps for safeguarding these ecosystems.
As the Internet of Things continues to grow, incidents like this underscore the importance of rigorous security practices. For now, the swift action taken by Ruijie Networks demonstrates a commitment to addressing emerging threats and protecting their users worldwide.
However, this case also highlights the ongoing need for vigilance and proactive research to secure the interconnected devices shaping our digital future.