Nuuo is a leading vendor of "trusted video management" tools used in conjunction with CCTVs deployed in sensitive applications like surveillance of "transport, banking, government, and residential areas."
By using a new zero-day bug dubbed "Peekaboo" by its discoverers at the security research firm Tenable, attackers can access Nuuo systems, and view, alter, and delete stored video -- they can also steal logins, passwords and other sensitive data from the systems. "Hundreds of thousands" of video cameras are connected to vulnerable systems worldwide.
The vulnerability has not yet been patched. A tool from Tenable will let Nuuo system owners determine whether they are vulnerable. Nuuo tools are sold under more than 100 brands, often bundled with cameras under "white label" arrangements.
Peekaboo specifically impacts the NVRMini 2 NAS and network video recorder, which acts as a hub for connected surveillance products. When exploited, the product permitted access to the control management system (CMS) interface, which further exposes credentials of all connected video surveillance cameras connected to the storage system.
Speaking to ZDNet, Gavin Millard, VP of threat intelligence at Tenable, said that organizations all over the world use Nuuo software, including in shopping centers, hospitals, banks, and public areas.
However, therein lies the problem -- as the software is also white labeled to over 100 brands and 2,500 camera product lines.
Hackers hijack surveillance camera footage with 'Peekaboo' zero-day vulnerability [Charlie Osborne/Zdnet]
This video from Bohemian Browser Ballett on Germany's public broadcaster Funk is absolutely genius: a comic dialogue between a literal uniformed Nazi officer outraged that someone had the temerity to call him a Nazi: "Just because someone doesn't share mainstream opinion it doesn't mean he's a Nazi. Maybe I'm a concerned citizen who is afraid […]
Billy Green writes, "This is video I shot at the Boing Boing Picnic in 2010. Music by Dr. Popular recorded live at the picnic." Such fantastic footage!
In the latest Adafruit video (previously) the proprietors, Limor "ladyada" Friend and Phil Torrone, explain the basics of machine learning, with particular emphasis on the difference between computing a model (hard) and implementing the model (easy and simple enough to run on relatively low-powered hardware), and then they install and run Tensorflow Light on a […]
Whether you’re using them for next-level selfies or steady tracking shots, gimbals are a must for anyone who wants to maximize the potential of these powerful smartphone cameras we’re all carrying around. But those smartphones are also supposed to be portable, and let’s face it: Gimbals tend to offset that advantage. Weighing in at just […]
It’s too hot for yard sales, but hey: The internet is here for you. Here are the top ten deals on some of the Boing Boing Store’s best gear, just in time for summer. It’s everything from grills to security cameras to MacBook Pros, and they might be as low as they’re ever going to […]
When it comes to getting stats and ideas across quickly, there’s still nothing like a good slide presentation. But the critical word here is “good” – not 20 slides all thrown together with the same stock PowerPoint template. Whether it’s a crucial pitch for a new business or a quarterly report, Slideshop can be a […]