
"Nope, everything is quiet here” – was the IT department mistaken? Our ethical hacker and co-founder Immanuel Bär is currently sneaking through the systems and is being Business punk-author Hilmar Poganatz. He didn't even have to be so quiet. You can find insights in the article below - even more details in the full article in the Output 2024 / 05 of the magazine.
In the latest issue of Business punk the author Hilmar Poganatz shows how important comprehensive IT security measures are - and how frighteningly easy it can be to circumvent them. As part of a penetration test that our co-founder Immanuel carried out with a team colleague, security gaps in a large German mechanical engineering company were uncovered.
Even the (literal) entry into the company shows how much can be achieved through clever social engineering: with a smile and a laptop under his arm, Immanuel passes the reception and enters conference rooms and factory halls without any problems. Such calm approaches make it clear that (IT) security is not just a question of technology, but also of physical control and the human factor.
The article describes in a particularly impressive way how Immanuel manages to hack into the company's internal network. He goes through the factory halls into the foreman's workshop, where he can easily read passwords and install malicious scripts using a prepared USB stick, a "Rubber Ducky". This type of attack shows how much IT security can be endangered by physical vulnerabilities.
But that's not all: In the office, he comes across post-its with passwords written on them - a classic mistake that can still be found in many companies. This small carelessness can potentially cause huge damage.
At this point, at the latest, the company fell.
Immanuel on the moment when a Trojan horse in the form of a small computer was successfully connected via LAN.
A central theme of the article is the financial damage that can result from such security gaps. According to the industry association Bitkom, cyber attacks on companies in Germany cause billions of euros in damage every year. The mechanical engineering company that is tested in the report also estimates that it could suffer millions of euros in damage every day in the event of a successful attack. And such scenarios are no longer rare.
The Business Punk article clearly shows why regular penetration tests are essential. Even companies that believe they have their security measures under control are often proven wrong when an experienced penetration tester like Immanuel is at work. Many vulnerabilities are not immediately visible and only become apparent through simulated attacks. The risk posed by vulnerabilities such as missing access controls can also be assessed much more realistically by actively exploiting them.
Collaborations with media outlets such as Business Punk help us to raise awareness of IT security. It is important that not only IT professionals, but also executives and managers understand what threats exist and how companies can protect themselves - for fewer password post-its and more real awareness.
By the way: Immanuel and Business Punk author Hilmar Poganatz left the factory premises in a company car, befitting their status - they quickly secured the key. The hacking then continued undisturbed in the hotel, thanks to the digital doors to the system that they had previously opened.