Uninvited access to security camera systems pinned down

January 29, 2013 by Nancy Owano, Phys.org weblog

(Phys.org)—A digital video recorder (DVR), used in homes and businesses for security, is helpful when not in the hands of criminals, The latter scenario is what is rattling some security blog and Forbes readers, with the recent Forbes report by Andy Greenberg of how criminals are capable of hijacking security cameras. Once in control, surveillance camera footage can be played back, copied, deleted, or changed. The hijackers can also use the machines to access other computers behind the victim's firewall.

The findings come from two -watching quarters pointing to design flaws that affect over 12 DVR brands studied.

One of those security sources, Rapid7, identified hackable video boxes using firmware provided by a China-based firm. Outside Rapid 7, a , who declined to give Forbes his real name, had succeeded in disassembling a device and had run tests on it, finding that commands sent to the device via a port 9000 connection were accepted without authentication. He could use the connection to retrieve login credentials for the DVR's web-based control panel. "A whole slew of security dvr [sic] devices are vulnerable to an unauthenticated login disclosure and unauthenticated command injection."

HD Moore of Rapid7 reported on the blogger's findings, saying that "a researcher going by the name someLuser detailed a number of in the Ray Sharp DVR platform. These DVRs are often used for closed-circuit TV (CCTV) systems and . In addition to Ray Sharp, the exposures seem to affect rebranded DVR products," he said, and listed over 12 such names.

Fundamental to the problem in the identified DVR platform showing vulnerability is that it supports the Universal Plug and Play (UPnP) protocol. Many routers enable UPnP by default, exposing the vulnerable DVR to the Internet. The DVRs are automatically made visible to external connections using the UPnP protocol. Rapid7 's Moore attributes the problem to design potentially leaving homes and businesses exposed "because of the way these things cut holes in the firewall."

Moore was able to identify some companies that seem to use the code. One of them, Zmodo, however, said it does not use faulty code and that it developed its own inhouse firmware with a substantially higher level of security, and has never been susceptible to the same intrusions as the firmware pegged as vulnerable. Other vendors may tackle the problem sooner than later too. Several vendors that had been listed reported that they were investigating the matter.

Meanwhile, the blogger someLuser suggested owners of affected DVRs temporarily disable UPNP on their routers. Rapid7 released a tool to help identify devices on its website.

Explore further: Apricorn Announces External Hard Drive for DVRs

More information: console-cowboys.blogspot.com/2 … -dvr-insecurity.html
www.forbes.com/sites/andygreen … to-hacker-hijacking/
community.rapid7.com/community … etrieval-remote-root

Related Stories

Apricorn Announces External Hard Drive for DVRs

March 23, 2007

Storage provider Apricorn, a company that supplies backup and upgrade products for notebook and desktop applications, announced the release of its new DVR Xpander hard drive on Wednesday, a device the company says will instantly ...

Internet Explorer users are warned against Poison Ivy

September 18, 2012

(Phys.org)—More than a few Internet Explorer users stand vulnerable to fresh attacks of Poison Ivy. In the latest headline in the "Internet Explorer has a flaw" saga, a security hole in Internet Explorer 7,8, and 9 is ...

Digital video recorders do not change shopping behavior

December 9, 2010

Watching a television show from a digital video recorder (DVR) gives viewers a chance to skip commercials, but new research finds that owning a DVR does not influence the demand for advertised products despite its ad-skipping ...

Samsung to issue updates in response to printer alert

November 29, 2012

(Phys.org)—Samsung has issued a response to CERT's vulnerability advisory about Samsung networked printers but the response may have left printer owners wondering what to do next. Samsung said that it is aware of and has ...

Recommended for you

Researchers make coldest quantum gas of molecules

February 21, 2019

JILA researchers have made a long-lived, record-cold gas of molecules that follow the wave patterns of quantum mechanics instead of the strictly particle nature of ordinary classical physics. The creation of this gas boosts ...

Sculpting stable structures in pure liquids

February 21, 2019

Oscillating flow and light pulses can be used to create reconfigurable architecture in liquid crystals. Materials scientists can carefully engineer concerted microfluidic flows and localized optothermal fields to achieve ...

1 comment

Adjust slider to filter visible comments by rank

Display comments: newest first

1 / 5 (1) Jan 29, 2013
The Rapid7 tool needs Java to run, last week we were blasted with the failings of Java with regards to security.

Epic fail.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.