Nuuo is a leading vendor of "trusted video management" tools used in conjunction with CCTVs deployed in sensitive applications like surveillance of "transport, banking, government, and residential areas."
By using a new zero-day bug dubbed "Peekaboo" by its discoverers at the security research firm Tenable, attackers can access Nuuo systems, and view, alter, and delete stored video -- they can also steal logins, passwords and other sensitive data from the systems. "Hundreds of thousands" of video cameras are connected to vulnerable systems worldwide.
The vulnerability has not yet been patched. A tool from Tenable will let Nuuo system owners determine whether they are vulnerable. Nuuo tools are sold under more than 100 brands, often bundled with cameras under "white label" arrangements.
Peekaboo specifically impacts the NVRMini 2 NAS and network video recorder, which acts as a hub for connected surveillance products. When exploited, the product permitted access to the control management system (CMS) interface, which further exposes credentials of all connected video surveillance cameras connected to the storage system.
Speaking to ZDNet, Gavin Millard, VP of threat intelligence at Tenable, said that organizations all over the world use Nuuo software, including in shopping centers, hospitals, banks, and public areas.
However, therein lies the problem -- as the software is also white labeled to over 100 brands and 2,500 camera product lines.
Hackers hijack surveillance camera footage with 'Peekaboo' zero-day vulnerability [Charlie Osborne/Zdnet]
Hashimoto Baku ("a Tokyo based video director/visual artist/developer") digs into fascinating depth on the "slit-scan" technique: "[imagine] a quite thick flipbook that all frames of a video are bound page by page. If you just rifle through it, the original video will be just played. Slit-scan intrinsically means slicing the flipbook diagonally."
Competition scholar Tim Wu (previously) is one of the most cogent, accessible voices in the antitrust debate; his recent book on the subject is a must-read; this week, he debated George Mason University scholar Tyler Cowen, proprietor of Marginal Revolution and one of the leading voices for the expansion of unfettered, unregulated capitalism -- he's […]
Juice Media's Honest Government Adverts are some of the best, most biting political satire being produced today -- they're so good at afflicting the comfortable that Australia basically banned their style of humour -- and now, on the eve of (yet another) critical Australian election, they've produced a "season finale" that recaps the parade of […]
If you’re into tools or gadgets, Memorial Day weekend is your Christmas. Take an extra 15% off the final price of these DIY accessories – all of which are already on sale – by entering the promo code WEEKEND15. LUXJET Universal 24-in-1 Magnetic Screwdriver Set & Repair Kit This small but sturdy kit won the […]
If you can build a cloud infrastructure, you can build a business. Companies are overwhelmingly turning to cloud computing to set up or bolster their network, and it’s easy to see why. It allows on-demand access to processing power, a la carte services, and nearly unlimited storage, all without adding extra systems and the maintenance […]
Does your gaming setup need an upgrade? No need to wait for Christmas. We’ve rounded up the latest tech accessories for your favorite video game platforms. All of them are already sale priced, but you can knock an additional 15% off the final price for Memorial Day by using the online code WEEKEND15. Audeze Mobius […]