Uninvited access to security camera systems pinned down

Jan 29, 2013 by Nancy Owano weblog

(Phys.org)—A digital video recorder (DVR), used in homes and businesses for security, is helpful when not in the hands of criminals, The latter scenario is what is rattling some security blog and Forbes readers, with the recent Forbes report by Andy Greenberg of how criminals are capable of hijacking security cameras. Once in control, surveillance camera footage can be played back, copied, deleted, or changed. The hijackers can also use the machines to access other computers behind the victim's firewall.

The findings come from two -watching quarters pointing to design flaws that affect over 12 DVR brands studied.

One of those security sources, Rapid7, identified hackable video boxes using firmware provided by a China-based firm. Outside Rapid 7, a , who declined to give Forbes his real name, had succeeded in disassembling a device and had run tests on it, finding that commands sent to the device via a port 9000 connection were accepted without authentication. He could use the connection to retrieve login credentials for the DVR's web-based control panel. "A whole slew of security dvr [sic] devices are vulnerable to an unauthenticated login disclosure and unauthenticated command injection."

HD Moore of Rapid7 reported on the blogger's findings, saying that "a researcher going by the name someLuser detailed a number of in the Ray Sharp DVR platform. These DVRs are often used for closed-circuit TV (CCTV) systems and . In addition to Ray Sharp, the exposures seem to affect rebranded DVR products," he said, and listed over 12 such names.

Fundamental to the problem in the identified DVR platform showing vulnerability is that it supports the Universal Plug and Play (UPnP) protocol. Many routers enable UPnP by default, exposing the vulnerable DVR to the Internet. The DVRs are automatically made visible to external connections using the UPnP protocol. Rapid7 's Moore attributes the problem to design potentially leaving homes and businesses exposed "because of the way these things cut holes in the firewall."

Moore was able to identify some companies that seem to use the code. One of them, Zmodo, however, said it does not use faulty code and that it developed its own inhouse firmware with a substantially higher level of security, and has never been susceptible to the same intrusions as the firmware pegged as vulnerable. Other vendors may tackle the problem sooner than later too. Several vendors that had been listed reported that they were investigating the matter.

Meanwhile, the blogger someLuser suggested owners of affected DVRs temporarily disable UPNP on their routers. Rapid7 released a tool to help identify devices on its website.

Explore further: Facebook's Internet.org expands in Zambia

More information: console-cowboys.blogspot.com/2… -dvr-insecurity.html
www.forbes.com/sites/andygreen… to-hacker-hijacking/
community.rapid7.com/community… etrieval-remote-root

Related Stories

Apricorn Announces External Hard Drive for DVRs

Mar 23, 2007

Storage provider Apricorn, a company that supplies backup and upgrade products for notebook and desktop applications, announced the release of its new DVR Xpander hard drive on Wednesday, a device the company says will instantly ...

Internet Explorer users are warned against Poison Ivy

Sep 18, 2012

(Phys.org)—More than a few Internet Explorer users stand vulnerable to fresh attacks of Poison Ivy. In the latest headline in the "Internet Explorer has a flaw" saga, a security hole in Internet Explorer ...

Digital video recorders do not change shopping behavior

Dec 09, 2010

Watching a television show from a digital video recorder (DVR) gives viewers a chance to skip commercials, but new research finds that owning a DVR does not influence the demand for advertised products despite its ad-skipping ...

Samsung to issue updates in response to printer alert

Nov 29, 2012

(Phys.org)—Samsung has issued a response to CERT's vulnerability advisory about Samsung networked printers but the response may have left printer owners wondering what to do next. Samsung said that it ...

Recommended for you

Facebook's Internet.org expands in Zambia

12 hours ago

(AP)—Facebook's Internet.org project is taking another step toward its goal of bringing the Internet to people who are not yet online with an app launching Thursday in Zambia.

Body by smartphone

Jul 30, 2014

We love our smartphones. Since they marched out of the corporate world and into the hands of consumers about 10 years ago, we've relied more and more on our iPhone and Android devices to organize our schedules, ...

Breakthrough elastic cloud-to cloud networking

Jul 30, 2014

Scientists from AT&T, IBM and Applied Communication Sciences (ACS) announced a proof-of-concept technology that reduces set up times for cloud-to-cloud connectivity from days to seconds. This advance is a major step forward ...

Security CTO to detail Android Fake ID flaw at Black Hat

Jul 29, 2014

Where have you heard this before: A team of security researchers discover a security flaw in Android devices. This is, however, news. This time, experts are talking about a flaw that involves a widespread ...

User comments : 1

Adjust slider to filter visible comments by rank

Display comments: newest first

tigger
1 / 5 (1) Jan 29, 2013
The Rapid7 tool needs Java to run, last week we were blasted with the failings of Java with regards to security.

Epic fail.