Massive security flaw in CCTV systems

Over 70 CCTV vendors have white-labelled products from TVT which are vulnerable to a remote code execution attack.

By Staff Writer - March 24, 2016

The digital video recording (DVR) devices in the CCTV systems of over 70 different vendors have inherited a security flaw from the original manufacturer, TVT.

This is according to security researcher Rotem Kerner, who was following up on 2014 research into the Backoff POS Trojan operation.

Researchers found that criminals used vulnerable DVR boxes as a vector from which to attack point-of-sale systems.

Kerner said after a query on Shodan, he found more than 30,000 potentially-vulnerable DVRs connected to the Internet.

He then explored one of the DVRs and found a way to exploit a vulnerability to allow him to execute any program on the device.

TVT, which is based in China, ignored Kerner’s reports of the bug, so he publicly disclosed the issue.

“Your best shot would probably be to deny any connection from an unknown IP address to the DVR services,” said Kerner.

A list of affected vendors is available in Kerner’s blog post
Reference
http://mybroadband.co.za/news/security/159596-massive-security-flaw-in-cctv-systems.html

Welcome to Morena Nzimande Blog

Search This Blog

Massive security flaw in CCTV systems

Comments

Post a Comment