Thin Client exploit vulnerabilitiesWyse Technologies, a manufacturer of thin and compact computer hardware, advertises its products as being as safe as (or even more so than) their PC counterparts because they contain no hard drives that are susceptible to mechanical failure or malware attacks. Wyse even contends that putting in antivirus in their wares is an exercise in futility because its products are already safe from harm from the very start. According to him, the thin devices are still vulnerable to online hacker attacks regardless of their manufacturer's claims to the contrary because they are shipped with susceptible software full of security holes. Once infected, these machines will become botnets that a hacker can control from afar. Their configurations can be changed at will and they can be manipulated by cyber terrorists as freely as PC users who are physically in front of the appliance could. For instance, they could be exploited as soon as they're connected to the Internet, which allows hackers instantaneous access to the devices without the need to interact with their physical, tangible components at all. Wyse thin devices vulnerable to attackThe only thing that an attacker needs in order to take over a Wyse thin device is to know its IP address. Once the exploit code that's made in similar fashion to Finisterre's proof-of-concept executes and spreads, it gives the hacker total control over the command shell of the machine, with complete administrative privileges to boot. However they concede that the code is potent enough to cause their Wyse-software-enabled hardware to crash and critically self-destruct, so they pledged to patch the vulnerabilities as soon as possible. With some extra effort, Finisterre believes that exploits based on Windows Vista or many other popular operating systems can be developed via the use of heap spraying or other comparable methods. |