Backdoor In MVPower DVR Firmware Sends CCTV Stills To an Email Address In China

An anonymous reader writes: An IoT security research company has discovered that a DVR model manufactured by MVPower includes a backdoor-like feature in its code that takes a screenshot of your CCTV feed and sends it to an email address hosted somewhere in China. The device's firmware is based on an open source project from GitHub that was pulled by its developer when someone confronted him about the backdoor.

Re:This is why

My network UPNP radios play music from my server only. They don't need internet access.

My IP cameras record video to my server as well. They don't need internet access so they are blocked too.

My managed network switch doesn't need internet access, so it is blocked.

My network printer doesn't need internet.

The IPMI on my server doesn't get internet access.

My Windows machines are next.

Re:DUH.

[AmiMoJo]

Why single out the Chinese? Most American crap has a backdoor and multiple security holes too. At least the Chinese haven't started giving you the "Error 53" middle finger when you try to repair their crap.