A security researcher who used to be part of the infamous hacktivist group LulzSec published an exploit for a popular VPN application made by SonicWall on Monday. The exploit relies on the same vulnerabilities exploited by the notorious hacktivist Phineas Fisher to hack Hacking Team.
On Monday, Darren Martyn published the exploit in a blog, following the announcement by SonicWall that hackers had breached its internal network by exploiting zero-days in its equipment. Martyn said he decided to release the exploit to denounce SonicWall's poor security.
"Figured that with SonicWall back in the news for getting owned via some 0days in their own shit products, it would be somewhat amusing to release this," Martyn wrote.
Do you know of any similar security vulnerability or data breach? We’d love to hear from you. You can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, OTR chat at email@example.com, or email firstname.lastname@example.org
In an online chat, Martyn explained that he was able to develop the exploit after reading the post-mortem Phineas Fishes wrote after hacking an offshore bank in 2019. In that writeup, the notorious vigilante explained that they used a zero-day in a SonicWall VPN used by the bank, the same product used by Hacking Team, the Italian spyware vendor that Phineas Fisher famously hacked in 2015.
Martyn said he was able to work out the exploit "about 2 minutes after reading the writeup," which "basically tells you everything you need to know."
The vulnerabilities underlying this exploit are patched, according to SonicWall.
“The vulnerability that this post is referencing was patched in 2015 in SMA 18.104.22.168. It cannot be exploited in version 9 or 10,” a SonicWall spokesperson said in an email.
The researcher left the last step of the exploit—how to get administrative privileges on the SonicWall VPN—out of his blog, in order to prevent unsophisticated hackers from just copy pasting the exploit and wreaking havoc with it. In any case, Martyn criticized SonicWall for shipping products that contain severely outdated code, which allowed him and Phineas Fisher to exploit them
"Honestly kind of bizarre, like that level of outdated crap just feels like negligence," Martyn told Motherboard.
In his blog, Martyn was even more scathing in his advice for SonicWall customers.
"The only recommendation I have if you use these products is to unplug them, douse them in kerosene, and set them on fire. It is the only way to be safe from something seemingly developed with this level of negligence."
UPDATE January 26, 11:33 a.m. ET: This story and its headline have been updated to clarify that this exploit was not a zero-day, as SonicWall had patched it.