New Cyberattack Method ‘Open Sesame’ Exposes Vulnerabilities in Ruijie Networks’ IoT Devices
At Black Hat Europe 2024, researchers from Claroty Team82 presented an attack method dubbed “Open Sesame,” which exploits vulnerabilities in Ruijie Networks’ Reyee cloud management platform. The platform is widely used to manage access points and routers, primarily in public spaces such as airports, schools, and shopping malls, in more than 90 countries. The research is significant because the attack could allow adversaries to gain control over thousands of connected devices simultaneously.
Ruijie Networks, based in Fuzhou, China, has recently patched ten vulnerabilities identified by the researchers. These vulnerabilities, if left unaddressed, could have enabled attackers to infiltrate internal networks connected to Ruijie devices. The researchers, Noam Moshe and Tomer Goldschmidt, highlighted the severity of these flaws, stating that their findings indicate tens of thousands of devices may be at risk globally.
The vulnerabilities were detailed in a presentation titled “The Insecure IoT Cloud Strikes Again: RCE on Ruijie Cloud-Connected Devices.” Of the ten Common Vulnerabilities and Exposures (CVEs) identified, three received Common Vulnerability Scoring System (CVSS) scores of 9 or higher, which rates them as critical. These include:
- CVE-2024-47547: A weak password recovery mechanism, scored at 9.4.
- CVE-2024-48874: A server-side request forgery vulnerability, scored at 9.8.
- CVE-2024-52324: A vulnerability related to the use of inherently dangerous functions, also scored at 9.8.
The most critical of these vulnerabilities allows devices to impersonate the Ruijie cloud platform, effectively enabling unauthorized commands to be sent to other devices. This could lead to remote code execution (RCE) on any device connected to the Ruijie cloud, creating a significant security risk.
According to the researchers, an attacker could exploit weak authentication mechanisms to generate valid device credentials. Once authenticated as a legitimate device, an attacker could impersonate the Ruijie cloud platform, allowing them to send malicious payloads to other devices within the network. This level of access could grant full control over the devices through legitimate cloud functionalities.
During their presentation, Moshe and Goldschmidt emphasized the potential for such an attack to affect over 50,000 IoT devices at once, showcasing the scale and severity of the vulnerabilities discovered. The researchers’ work underscores the pressing need for robust security measures in the rapidly expanding realm of Internet of Things (IoT) devices, particularly those connected to cloud management platforms.
As the IoT landscape continues to grow, the importance of securing these devices becomes increasingly critical. The findings from Claroty Team82 serve as a wake-up call for organizations relying on IoT technology, highlighting the vulnerabilities that can be exploited by malicious actors if not properly addressed.
In response to the identified vulnerabilities, Ruijie Networks has acted swiftly to patch the flaws, ensuring that users are protected against potential exploits. However, the incident raises broader questions about the security of cloud-connected IoT devices and the measures necessary to safeguard them against sophisticated cyber threats.
The Open Sesame attack serves as a reminder that as technology advances, so too do the tactics employed by cybercriminals. Continuous monitoring, regular updates, and a proactive approach to cybersecurity are essential in mitigating risks associated with IoT devices and cloud management platforms.
As organizations increasingly adopt IoT solutions, the need for comprehensive security protocols cannot be overstated. The findings from this research highlight the importance of collaboration between manufacturers, researchers, and cybersecurity professionals to create a safer digital environment for all.