Back in 2014, RSA published a report documenting a new tactic by criminal gangs: they were hacking into the digital video recorders that stored the feeds from security cameras to gather intelligence on their targets prior to committing their robberies.
Two years later, security researcher Rotem Kerner, who wrote the RSA report, decided to take another look at the vulnerabilities that the crooks had used to go after these PVRs. After some smart analysis, he determined that the vulnerability stemmed from a "white-label" PVR that a single Chinese manufacturer provided to over 70 different companies around the world, who rebranded them and sold them under their own names.
Kerner has published a proof-of-concept attack for these devices that lets him take them over and monitor the feeds from any cameras connected to them. In other words, it's likely that criminals could easily break into your security system, see everything your cameras are seeing, and make copies of the stored video from those cameras.
Kerner has repeatedly contacted TVT, the Chinese manufacturer that originated the defective PVRs, but has received no response. He's going public because he believes criminals are already attacking the PVRs.
Since there are many vendors who redistribute this hardware-software, it is hard to rely on a vendor patch to arrive at your doorstep. I believe there are a few more vulnerabilities being exploited in the wild against these machines, and therefore your best shot would probably be to deny any connection from an unknown IP address to the DVR services. And so I will leave you here with a list of vendors who are selling some of TVT's re-branded gear.
Last note about the responsible disclosure process. I've been trying to contact TVT for quite some time with no luck. They have been ignoring me for too long, so they left me with no choice but to disclose.
Remote Code Execution in CCTV-DVR affecting over 70 different vendors