(In)Security of Japanese IT Asset Management Software presented at codeblue 2017

by Muneaki Nishimura,

Summary : In the Spring 2017, news that an IT asset management software vulnerability was exploited by cyber attackers outside Japan made headlines in TV and national newspapers. IT asset management software is used to protect companies from employees attempting to steal internal information and is deployed on to each employees’ client machine by their IT administrator. Many of the software allow IT administrators to execute code on the employees’ machines, and allows remote control of the machines as well. According to the news, the attackers were able to spoof the IT administrator’s communication and executed a malicious code on the client machine. There are several other famous Japanese IT asset management software other than the one exploited by the attack. There are even software that advertise as “secure” because it has been used by thousands companies. Can we say the other IT asset management software are secure? To answer the question, we did a vulnerability assessment on four of these softwares. The results we found were vulnerabilities that allowed anyone remotely control the employees’ machines, vulnerabilities that let an attacker steal any information from the IT administrator’s server, and other multiple vulnerabilities similar to the one exploited by the cyber attack. This presentation will cover the technical details of the vulnerabilities we found and the common ways to attack that are used to find vulnerabilities in IT asset management software.