Zero-Day Advisory

Fortinet Discovers Recon Private Data Leak Vulnerability

Summary

Fortinet's FortiGuard Labs has discovered private data leak vulnerability in Recon OS 4.2, which is used in Recon Jet and Recon Snow smart glasses manufactured by Recon Instruments.

Recon Jet and Snow smart glasses collect analytics data containing:
- How the smart glasses are shutdown (abrupt shutdown, battery shutdown, graceful shutdown...)
- When the battery is charging and its percentage
- When a cycling or running activity is started or paused
- Etc

They also collect debug & diagnostic data such as device's system logs.

The events are stored as JSON objects in a file on the smart glasses, zipped with a hard coded password and then sent over to Recon Instruments servers during device synchronization.

The data, being protected with a global hard-coded password, are at risk and can be stolen by a malicious third party application on the device or an attacker with physical access to the device.

The issue affects Recon OS version 4.2.

Solutions

Recon Instruments has partially fixed the issue in Recon OS 4.3.3. The data is uploaded via HTTPS, but encryption of the zip has been removed, leaving it at risk on the device.

Timeline

Fortinet reported the vulnerability to Recon Instruments on July 28, 2015.

Recon Instruments confirmed the vulnerability on September 23, 2015.

Recon Instruments issued patch for it in February, 2016.

Acknowledgement

Axelle Apvrille of Fortinet's FortiGuard Labs

IPS Subscription

Fortinet customers who subscribe to Fortinet's intrusion prevention (IPS) service should be protected against this vulnerability with the appropriate configuration parameters in place. Fortinet's IPS service is one component of FortiGuard Subscription Services, which also offer comprehensive solutions such as antivirus, Web content filtering and antispam capabilities. These services enable protection against threats on both application and network layers. FortiGuard Services are continuously updated by FortiGuard Labs, which enables Fortinet to deliver a combination of multi-layered security intelligence and true zero-day protection from new and emerging threats. These updates are delivered to all FortiGate, FortiMail and FortiClient products. Fortinet strictly follows responsible disclosure guidelines to ensure optimum protection during a threat's lifecycle.