Description
Client: Unifonic
Category: Product Security
Date: 15 March 2023
Unifonic is a service-based organization that provides businesses with affordable enterprise-grade multilingual, seamless omnichannel communications platforms throughout the Middle East. Since its inception in 2006, the company has helped numerous organizations to develop effective communication with their customers. It has served over 160 million recipients with more than 5000 business accounts till now.
Before they met us
- Unifonic operates through a unified dashboard to provide all the services to its clients. The same is responsible for handling the operation of its products and applications throughout its user base.
- The IP was publicly exposed. At present, the client was facing issues that seem to be minor. But Unifonic was fearful of major cyber incidents taking the prevalence of online threats into account.
- And our findings during the execution of this project prove that they were rightly terrified.
- Unifonic engaged us just at the right time. Otherwise, it might have resulted in a catastrophic security failure for their infrastructure.
How we went through this case?
- We planned and executed a thorough Infrastructure Penetration Testing. As many as 300 IP addresses were tested in the project.
- Our team gathered and exploited all security vulnerabilities on the given IP addresses.
- We segregated IPs into whitelisted and non-whitelisted categories to conduct a comprehensive assessment of the production environment for IP address pen testing.
- Our team identified all the security risks within Unifonic’s infrastructure and their impacts on the applications used for day-to-day business operations.
- At the end of the project, we submitted all our deliverables to the client within the due timeframe allotted to us.
Processes we used
- We went in with the conventional approach for External Penetration Testing to evaluate the security status of the client’s infrastructure.
- A comprehensive intelligence gathering for effective target development for the pen testing process.
- Our testing team conducted a series of systematic manual & automated tests to uncover exploits in the subdomains, login portals, and other entry points.
- Simulated spraying and brute forcing to test the resistance of the infrastructure against password-guessing attacks.
- The team also tested the authentication protocols for user accounts, administrative panels, and other services by stuffing credentials scraped from the dark web and breach databases.
Vulnerabilities we Found
The testing team from RSK Cyber Security deployed on this project found a total of 54 vulnerabilities through the credentialed patch audit.
Among these vulnerabilities:
- 6 were of critical severity.
- 14 were of high severity.
- 30 were of medium severity.
- 4 were of low severity.
All these vulnerabilities were distributed unevenly through different sections of Unifonic’s infrastructure.
The following are the descriptions of some of those vulnerabilities that had the potential to cause the most catastrophic incidents:
Directory Listing Disclosure
- Critical vulnerability found on AWS
- Impact: publicly expose critical information
MYSQL database running on default port
- Another critically severe vulnerability in the AWS section
- Impact: DoS/Buffer Overflow and SQL injection attacks
Unauthenticated HTTP services
- Critical vulnerability on Oracle
- Impact: allows unauthorized access and risks undue actions performed by anonymous users.
RDP service is enabled
- A high-severity issue on Oracle
- Impact: Remote Desktop Protocol risks unauthorized access and control of the systems.
Host allows connection via FTP
- High-severity vulnerability on STC
- Impact: allows hackers to exploit public access
NFS distribution disclosed
- High-severity issue on STC and Detasad
- Impact: intrusion and interception of data in transit
Sensitive Information Disclosure
- A critical vulnerability on Detasad
- Impact: sensitive information in the wrong hands might result in breaches and other exploits
There were a lot of other vulnerabilities that we identified, exploited, and provided recommendations to remediate.
Tools used by our team
Open-Source Intelligence (OSINT) tools for passive intelligence gathering.
Nmap to scan every active IP address.
Nessus for remote scanning of network security threats.
Results and Recommendations
The tested infrastructure was not secure. It was not aligned with the best security practices.
Our team identified multiple issues in Unifonic’s infrastructure that might have resulted in catastrophic incidents.
We recommended remediation steps to address issues such as Insecure Configurations, Data injection attacks, Data manipulation, DOS Attacks, Deprecated communications practices, Information Disclosure, and Missing compliance implementation.
For maintaining security standards in the future, we recommended the client implement frequent vulnerability scanning and other protocols including policy review, a review of internal security controls and procedures, or internal red teaming/penetration testing.
Out testing team delivered a thorough report to the client featuring all the exploited vulnerabilities, their impacts, and how to mitigate them.
Eventually, at the end of the project, Unifonic was able to update its security status and make it in line with the required standards.
