Icom IC-9700 hidden telnet service

My Icom IC-9700 is connected to the network. And, as a freelance linux and infrastructure (security) engineer, I could not resist to do a port-scan on the box. The first result was port 23, used for the legacy telnet service. Loggin in was easy. No username and password required to get a shell. Quite shocking and a real security risk for devices directly connected to the Internet. That’s a receipe to get hacked within hours.

Since the # would suggest it’s a rootshell, the available commands are quite limited (yet…). But I assume it’s an RTOS shell. I’ll find time to figure it out.

6 comments

Skip to comment form

    • dave on 05/04/2019 at 23:32
    • Reply

    Wow! That’s pretty bass-ackward on Icom’s part. I’m not sure what could be hacked (besides a restart or a password change) unless there are hidden commands…

    • Jeff Hochberg on 06/04/2019 at 18:42
    • Reply

    Any authentication required? Or just telnet to port 23 and you’re in?

    1. No auth.

    • Torque on 09/04/2019 at 13:47
    • Reply

    Never open firewall ports to your radio, always use a VPN instead. (No matter what other fools tell you).

    • Ed Woodrick on 14/04/2019 at 20:20
    • Reply

    Why would anyone ever directly connect the radio to the Internet? It should always be behind a firewall with only the specifically required ports opened.

    • David on 05/05/2019 at 10:30
    • Reply

    Second page of the manual says:

    “This product includes RTOS “RTX” software, and is
    licensed according to the software license.

    This product includes “zlib” open source software,
    and is licensed according to the open source
    software license.

    This product includes “libpng” open source software,
    and is licensed according to the open source
    software license.

    Refer to the “About the Licenses” page at the end
    of this manual for information on the open source
    software being used in this product.”

    So yes, RTOS RTX.

Leave a Reply to David Cancel reply

Your email address will not be published.