Slashdot Mirror

← Back to Stories (view on slashdot.org)

58,000 Security Camera Systems Critically Vulnerable To Attackers

Posted by Unknown on from the your-curtains-are-ugly dept.

Sparrowvsrevolution writes with news of some particularly insecure security cameras. From the article: "Eighteen brands of security camera digital video recorders are vulnerable to an attack that would allow a hacker to remotely gain control of the devices to watch, copy, delete or alter video streams at will, as well as to use the machines as jumping-off points to access other computers behind a company's firewall, according to tests by two security researchers. And 58,000 of the hackable video boxes, all of which use firmware provided by the Guangdong, China-based firm Ray Sharp, are accessible via the Internet. Early last week a hacker who uses the handle someLuser found that commands sent to a Swann DVR via port 9000 were accepted without any authentication. That trick would allow anyone to retrieve the login credentials for the DVR's web-based control panel. To compound the problem, the DVRs automatically make themselves visible to external connections using a protocol known as Universal Plug And Play, (UPnP) which maps the devices' location to any local router that has UPnP enabled — a common default setting. ...Neither Ray Sharp nor any of the eighteen firms have yet released a firmware fix."

1 of 157 comments (clear)

  1. Port knocking by Okian+Warrior · · Score: 5, Informative

    Port knocking is where the inbound system won't connect until a series of unsuccessful attempts is tried on a known sequence of ports - the system will open the door only when the visitor gives the "secret knock".

    For example, a system won't normally accept connection requests. If the visitor attempts (unsuccessfully) ports 1010, 1050, 3042, and 4725 in that order, the system then accepts a connection at port 9000. (Use different numbers and length as needed for security.)

    It is nigh impossible for a security audit to detect this type of camouflage. This technique has been well-known for years.

    If China were putting back-doors in hardware systems, they could make them virtually impossible to find.

    That's circumstantial evidence that this isn't a case of espionage on the part of the manufacturer. It's more likely a flaw in the software or a debugging port that wasn't compiled out in the released version.