Eighteen brands of security camera digital video recorders (DVRs) are vulnerable to an attack that would allow a hacker to remotely gain control of the devices to watch, copy, delete or alter video streams at will, as well as to use the machines as jumping-off points to access other computers behind a company’s firewall, according to tests by two security researchers. And one of the researchers, security firm Rapid7′s chief security officer H.D. Moore, has discovered that 58,000 of the hackable video boxes, all of which use firmware provided by the Guangdong, China-based firm Ray Sharp, are accessible via the Internet.
“The DVR gives you access to all their video, current and archived,” says Moore. “You could look at videos, pause and play, or just turn off the cameras and rob the store.”
“It’s just a boneheaded decision on the part of [Ray Sharp],” says Moore. “Fifty-eight thousand homes and businesses are exposed because of the way these things cut holes in the firewall.”
Not boneheaded. Clever.
By checking the web interfaces of the vulnerable devices and analyzing the Ray Sharp firmware he downloaded from Swann’s website, Moore was able to identify 18 companies that seem to use the faulty code: Swann, Lorex, URMET, KGuard, Defender, DSP Cop, SVAT, Zmodo, BCS, Bolide, EyeForce, Atlantis, Protectron, Greatek, Soyo, Hi-View, Cosmos, and J2000.
hanelyp wrote:Sounds like it you need to have these cameras on a network, put them behind a firewall and use a VPN if you must reach them from outside.
This should be standard practice. No end device should be directly accessible from the internet, it's dangerous and incredibly unsafe. For best security use a SSL based VPN solution like OpenVPN, beats the hell out of L2TP and IPSEC implementations. Properly configured it's not even detectable.
Yeah, this sounds more like a study of sites with poor network security not sites with vulnerable security cameras. A simple rule on the external interface of your firewall(s) that drops incoming packets destined for the cameras removes the vulnerability described.
Right. Poor network security. No firewall; the cameras were installed on open wireless networks.
One could make the same complaints about how there are thousands of hackable wide-open routers out there and not tell the story about how the users just didn't bother to set up WPA or better security.