Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
Security

+ - 58,000 Security Camera Systems Critically Vulnerable To Hackers-> 1

Submitted by Sparrowvsrevolution
Sparrowvsrevolution (1926150) writes "Eighteen brands of security camera digital video recorders are vulnerable to an attack that would allow a hacker to remotely gain control of the devices to watch, copy, delete or alter video streams at will, as well as to use the machines as jumping-off points to access other computers behind a company's firewall, according to tests by two security researchers. And 58,000 of the hackable video boxes, all of which use firmware provided by the Guangdong, China-based firm Ray Sharp, are accessible via the Internet.

Early last week a hacker who uses the handle someLuser found that commands sent to a Swann DVR via port 9000 were accepted without any authentication. That trick would allow anyone to retrieve the login credentials for the DVR's web-based control panel. To compound the problem, the DVRs automatically make themselves visible to external connections using a protocol known as Universal Plug And Play, (UPNP) which maps the devices' location to any local router that has UPNP enabled--a common default setting. That feature, designed to allow users to remotely access their video files via remote PC or phone, effectively cuts a hole in any firewall that would expose the device to attackers, too. And security researcher H.D. Moore has been able to show that the flawed architecture isn't just used Swann, but instead effects every company that uses Ray Sharp's firmware. Neither Ray Sharp nor any of the eighteen firms have yet released a firmware fix."

Link to Original Source
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

58,000 Security Camera Systems Critically Vulnerable To Hackers

Comments Filter:
  • Its just a boneheaded decision on the part of [Ray Sharp], says Moore. Fifty-eight thousand homes and businesses are exposed because of the way these things cut holes in the firewall.

    Nope; as-designed by the People's Central Committee.

"Bureaucracy is the enemy of innovation." -- Mark Shepherd, former President and CEO of Texas Instruments

Working...