Security Advisory affecting
DSCS9X and DSCS95
DSCS9X and DSCS95
A security issue has been identified with the firmware on DSDevices DSCS95 and DSCS9X devices, which may allow an attacker on the same local network as the device to execute arbitrary commands on the device as the system user.
Summary
New firmware has been released to rectify the problem, and we strongly recommend all
owners of DSCS9X or DSCS95 devices to check if their units are affected, and either
upgrade to the latest firmware version, or apply the settings change detailed below.
Firmware versions are named by their build date. For example, firmware version 20230109 refers to 9th January 2023.
For the DSCS9X, firmware version 20240909 and later resolves the issue.
For the DSCS95, firmware version 20240904 and later resolves the issue.
To see your current firmware version, from the Launcher click the Settings icon, Device Preferences, About and scroll down to the bottom where you’ll find the “Build” section. The firmware version is listed near to the end of the line:
In the screenshot from a DSCS9X, version 20240909 is shown which is not vulnerable to
this issue.
If your firmware version is lower than 20240909 in the case of a DSCS9X, or lower than 20240904 in the case of a DSCS95, then the device is vulnerable and you should take action to secure the device.
Firmware versions are named by their build date. For example, firmware version 20230109 refers to 9th January 2023.
For the DSCS9X, firmware version 20240909 and later resolves the issue.
For the DSCS95, firmware version 20240904 and later resolves the issue.
To see your current firmware version, from the Launcher click the Settings icon, Device Preferences, About and scroll down to the bottom where you’ll find the “Build” section. The firmware version is listed near to the end of the line:
If your firmware version is lower than 20240909 in the case of a DSCS9X, or lower than 20240904 in the case of a DSCS95, then the device is vulnerable and you should take action to secure the device.
Mitigation
Updated firmware is available to resolve this issue for both devices.
If your local network configuration makes it impossible for untrusted users to make connections to your devices across the network, then upgrading the firmware via OTA or making the configuration change below is sufficient to remediate the situation. Additional options for mitigation using the Xibo CMS and Xibo for Android are available in the security advisory on the Xibo Signage website.
If the local network your device is connected to is open to untrusted users (e.g. guest/open wifi networks without Client device isolation enabled, shared wired or wifi networks), then we’d recommend doing a factory reset before applying the OTA upgrade, or performing a full firmware reflash to ensure that the device is returned to a healthy condition.
Please find mitigation steps for each scenario below.
If your local network configuration makes it impossible for untrusted users to make connections to your devices across the network, then upgrading the firmware via OTA or making the configuration change below is sufficient to remediate the situation. Additional options for mitigation using the Xibo CMS and Xibo for Android are available in the security advisory on the Xibo Signage website.
If the local network your device is connected to is open to untrusted users (e.g. guest/open wifi networks without Client device isolation enabled, shared wired or wifi networks), then we’d recommend doing a factory reset before applying the OTA upgrade, or performing a full firmware reflash to ensure that the device is returned to a healthy condition.
Please find mitigation steps for each scenario below.
Firmware Upgrade via OTA
Details of how to upgrade via OTA are available on the Xibo Signage website here:
DSCS9X OTA Upgrade Instructions
DSCS95 OTA Upgrade Instructions
DSCS9X OTA Upgrade Instructions
DSCS95 OTA Upgrade Instructions
Configuration Change
If you are not able, or do not wish to upgrade the firmware on your device, you can instead
make a configuration change on the device to mitigate the vulnerability - however note that
this configuration change will not persist across a factory reset, so you will need to ensure
that you reapply the change if you factory reset the device in future.
From the Launcher, click on Settings, Device Preferences, About. Scroll down to show the Build section, and click on the word Build seven times in a row, or until the toast “You are now a developer!” appears:
Now go back to the Launcher, and click Settings, Device Preferences, Developer Options.
Scroll down to the Debugging section, and ensure USB debugging is turned off.
Optionally turn off “Enable developer options” at the top of the list to re-hide the Developer
Options menu.
From the Launcher, click on Settings, Device Preferences, About. Scroll down to show the Build section, and click on the word Build seven times in a row, or until the toast “You are now a developer!” appears:
Factory Reset and OTA
Backup any apps, settings or configuration you may need to restore on to your
device, as a factory reset will wipe all data from it.
To perform a factory reset, from the Launcher, click on Settings, Device Preferences, Reset. Click Reset again. The device will reboot..
Immediately apply the OTA upgrade as detailed above before connecting your device to the local network. You can then restore any data and reconfigure any apps as required.
To perform a factory reset, from the Launcher, click on Settings, Device Preferences, Reset. Click Reset again. The device will reboot..
Immediately apply the OTA upgrade as detailed above before connecting your device to the local network. You can then restore any data and reconfigure any apps as required.
Full Reflash
Backup any apps, settings or configuration you may need to restore on to your
device, as reflashing the device will wipe all data from it.
DSCS9X Firmware Reflashing Instructions
DSCS95 Firmware Reflashing Instructions
DSCS9X Firmware Reflashing Instructions
DSCS95 Firmware Reflashing Instructions
How to get help
If you need help to understand if your device is vulnerable to this issue, or assistance in
applying one of the mitigation options described above, please contact the Xibo Signage
Helpdesk. You can do this from the Xibo Signage website in the My Account - Tickets section, or by emailing support@xibosignage.com. Please also check the security advisory notice posted on the Xibo Signage website as this has additional options for mitigation from
the Xibo CMS.
Disclosure Timeline
28th August 2024 - Xibo Signage was notified of a vulnerability in the firmware of DSCS9X
device.
29th August 2024 - Xibo Signage investigated the issue internally and confirmed the problem applied to both DSCS9X and DSCS95 devices, across all released firmware versions.
29th August 2024 - Xibo Signage disclosed the vulnerability to DSDevices.
6th September 2024 - Fixed DSCS95 firmware made available via the Xibo Signage website, and on all devices shipping from the DSDevices warehouse in the UK.
11th September 2024 - Fixed DSCS9X firmware made available via the Xibo Signage website, and on all devices shipping from the DSDevices warehouse in the UK.
19th September 2024 - Public disclosure
29th August 2024 - Xibo Signage investigated the issue internally and confirmed the problem applied to both DSCS9X and DSCS95 devices, across all released firmware versions.
29th August 2024 - Xibo Signage disclosed the vulnerability to DSDevices.
6th September 2024 - Fixed DSCS95 firmware made available via the Xibo Signage website, and on all devices shipping from the DSDevices warehouse in the UK.
11th September 2024 - Fixed DSCS9X firmware made available via the Xibo Signage website, and on all devices shipping from the DSDevices warehouse in the UK.
19th September 2024 - Public disclosure
