Icom IC-9700 hidden telnet service

My Icom IC-9700 is connected to the network. And, as a freelance linux and infrastructure (security) engineer, I could not resist to do a port-scan on the box. The first result was port 23, used for the legacy telnet service. Loggin in was easy. No username and password required to get a shell. Quite shocking and a real security risk for devices directly connected to the Internet. That’s a receipe to get hacked within hours.

Since the # would suggest it’s a rootshell, the available commands are quite limited (yet…). But I assume it’s an RTOS shell. I’ll find time to figure it out.

5 comments

Skip to comment form

    • dave on 05/04/2019 at 23:32
    • Reply

    Wow! That’s pretty bass-ackward on Icom’s part. I’m not sure what could be hacked (besides a restart or a password change) unless there are hidden commands…

    • Jeff Hochberg on 06/04/2019 at 18:42
    • Reply

    Any authentication required? Or just telnet to port 23 and you’re in?

    1. No auth.

    • Torque on 09/04/2019 at 13:47
    • Reply

    Never open firewall ports to your radio, always use a VPN instead. (No matter what other fools tell you).

    • Ed Woodrick on 14/04/2019 at 20:20
    • Reply

    Why would anyone ever directly connect the radio to the Internet? It should always be behind a firewall with only the specifically required ports opened.

Leave a Reply

Your email address will not be published.