Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security

Courtroom Recording Software Compromised With Backdoor Installer (arstechnica.com) 18

Hackers have compromised a popular courtroom recording software, JAVS, gaining full control through a backdoored update. Louisville, Kentucky-based Justice AV Solutions, its maker, pulled the compromised software, reset passwords, and audited its systems. Cybersecurity firm Rapid7 found that the corrupted installer grants attackers full access and transmits host system data to a command-and-control server. The Record adds: In its advisory, Rapid7 stressed the need to reimage all endpoints where the software was installed, and to reset credentials on web browsers and for any accounts logged into affected endpoints, both local and remote. "Simply uninstalling the software is insufficient, as attackers may have implanted additional backdoors or malware. Re-imaging provides a clean slate," they wrote. "Completely re-imaging affected endpoints and resetting associated credentials is critical to ensure attackers have not persisted through backdoors or stolen credentials."
This discussion has been archived. No new comments can be posted.

Courtroom Recording Software Compromised With Backdoor Installer

Comments Filter:
  • may also want to rebuild the full image if an older version is part of the base image.

  • cloud based software needs to go / have an local server install.

    And not this
    you must open your firewall to us
    you can't defer updates / only can skip them for an limited time
    are hosted out side of your control.
    etc

  • by RobinH ( 124750 ) on Friday May 24, 2024 @10:32AM (#64496009) Homepage
    The recordings are technically public, in most cases, though I wonder if any confidential stuff gets recorded. However, the scarier possibility is that someone could actually modify recordings and transcripts to change the public record.
    • by tlhIngan ( 30335 )

      The recordings are technically public, in most cases, though I wonder if any confidential stuff gets recorded. However, the scarier possibility is that someone could actually modify recordings and transcripts to change the public record.

      That's exactly the problem.

      You might not realize it but the transcript (and recordings) of a court case are the evidence of the proceedings. If you were to file an appeal, the transcripts and recordings are the primary evidence the court of appeal uses to determine if there

  • by Mirnotoriety ( 10462951 ) on Friday May 24, 2024 @10:58AM (#64496039)
    JAVS Suite 8 [javs.com]: “A complete av management software solution for all your digital recordings. Wherever a verbatim record is needed, JAVS Suite 8 AV management software delivers. Built for Windows 10 and beyond ..

    What's court proceedings even doing on the open Internet?
    • In most "free" countries, court records are public unless there is a pressing need to close the court. Transparency is seen as key to ensuring people are receiving fair trials.

      • > In most "free" countries, court records are public unless there is a pressing need to close the court. Transparency is seen as key to ensuring people are receiving fair trials.

        You shouldn't be able to remotely alter the court record.
        • by _merlin ( 160982 )

          You seem to be completely misunderstanding what the software is supposed to do. It isn't supposed to allow court records to be altered. It allows endpoints to upload recordings, etc. to a central server. The issue is someone screwed up building an installer for the client software that runs on the endpoints, so it installs some kind of malware. Since these endpoint computers have Internet access, the malware can communicate with its command and control network. The concern is that this could alter the

          • > The concern is that this could alter the recordings, etc. before it's uploaded to the server, tainting court records.

            You shouldn't be able to remotely alter the court record.
            • by _merlin ( 160982 )
              You shouldn't be able to remotely alter the court record.

              It isn't about being able to alter it remotely. It's about software running locally on the PC doing the recording altering it before it's uploaded. If the recording device is compromised, you can't trust the recordings - this is unavoidable. There's no suggestion here that the records could be remotely altered after being uploaded.

  • by Black Parrot ( 19622 ) on Friday May 24, 2024 @11:45AM (#64496153)

    "If the software's shit, you must acquit!"

Lawrence Radiation Laboratory keeps all its data in an old gray trunk.

Working...