AMX Media Statement

AMX by Harman addresses blog post by SEC Consult claiming to discover security vulnerability in AMX devices and systems
Publish date:
Social count:
AMX by Harman addresses blog post by SEC Consult claiming to discover security vulnerability in AMX devices and systems

A number of stories have run today about an independent security firm’s identification of certain potential security vulnerabilities in AMX systems.  Unfortunately, these stories are confusing, and we would like to clarify a number of the issues that have been discussed.

First, we want to clarify the risks and terms being discussed. “Black widow” was an internal name for a legacy diagnostic and maintenance login for customer support of technical issues. Commonly used in legacy systems, it was not “hidden” as suggested, nor did it provide access to customer information. While such a login is useful for diagnostics and maintenance, during our routine security review in the summer of 2015, we determined that it would be prudent to eliminate this feature as part of a comprehensive software update.  We informed our customers and the update was deployed in December 2015.

1MB@tMaN” was an entirely different internal feature that allowed internal system devices to communicate. It was not an external login nor was it accessible from outside of the product. The “1MB@tMaN” internal system device capability also was not related to nor a replacement for the “Black Widow” diagnostic login.  The only connection was the fact that our software update that eliminated “Black Widow” also provided an update to the “1MB@tMaN” internal capability that eliminated this name.

The firmware update, NX v1.4.65 is applicable to products and systems incorporating the NetLinx NX Control platform and was released on Dec 22, 2015. It is available on  More information on this release can be found at This issue has been addressed in legacy NI series by Hotfix v. 4.1.419 and is available from AMX Technical Support.

In terms of the names, these were light hearted internal project names that our programmers used with no intended meaning.

We take security very seriously and are continuously testing our own systems and capabilities and developing more sophisticated updates.


Was there ever any potential significant threat?

There are multiple layers of security in these systems and we did not see serious risks due to the issues we identified. In addition, we are not aware of any breaches.

Did this consultant reveal the issue?

While we appreciate the interest of the security consultant that posted the story, AMX had already identified the issues through our routine security review and had been working on the solution internally.



Killers 1

Delicate Productions Supports The Killers US Tour

Delicate Productions supplied a Martin Audio MLA system to reinforce the recent The Killers US Wonderful Wonderful tour that headlined leading venues such as the Barclays Center and Madison Square Garden in New York City, United Center in Chicago, American Airlines Arena in Miami more