Back in 2014, RSA published a report documenting a new tactic by criminal gangs: they were hacking into the digital video recorders that stored the feeds from security cameras to gather intelligence on their targets prior to committing their robberies.
Two years later, security researcher Rotem Kerner, who wrote the RSA report, decided to take another look at the vulnerabilities that the crooks had used to go after these PVRs. After some smart analysis, he determined that the vulnerability stemmed from a "white-label" PVR that a single Chinese manufacturer provided to over 70 different companies around the world, who rebranded them and sold them under their own names.
Kerner has published a proof-of-concept attack for these devices that lets him take them over and monitor the feeds from any cameras connected to them. In other words, it's likely that criminals could easily break into your security system and see everything your cameras are seeing, making copies of the stored video from those cameras.
Kerner has repeatedly contacted TVT, the Chinese manufacturer that originated the defective PVRs, but has received no response. He's going public because he believes criminals are already attacking the PVRs.
Since there are many vendors who redistribute this hardware-software, it is hard to rely on a vendor's patch to arrive at your doorstep. I believe there are a few more vulnerabilities being exploited in the wild against these machines, and therefore your best shot would probably be to deny any connection from an unknown IP address to the DVR services. And so I will leave you here with a list of vendors who are selling some of TVT's re-branded gear.
Last note about the responsible disclosure process. I've been trying to contact TVT for quite some time with no luck. They have been ignoring me for too long, so they left me with no choice but to disclose.
Remote Code Execution in CCTV-DVR affecting over 70 different vendors