CCTV DVR Vulnerabilities Traced To Chinese OEM Which Spurned Researchers' Advice

An anonymous reader writes: RSA security researcher Rotem Kerner has identified a common vulnerability in the firmware of 70 different CCTV DVR vendors, which allows crooks to execute code and gain root privileges on the affected devices. The problem was actually in the firmware of just one DVR sold by Chinese firm TVT. The practice of "white-labeling" products helped propagate this issue to other "manufacturers" who did nothing more than to buy a non-branded DVR, tweaked its firmware, slapped their logo on top, and sold it a their own, vulnerability included.

Zoneminder is full-featured, -more- secure, open s

[raymorris]

For the DVR and management interface, Zone Minder is THE open source solution and has been for a long time. It can do all kinds of things like run motion detection on the feeds and when motion is detected it turns on the light and pans your high-quality camera to view the area where the motion was.

It's -more- secure than the stuff made by Happy Fun Camera Ltd, in China, with instructions that read "button the press longly is record of picture motions", which also happens to be the exact same system sold under many brand names. I don't know that it's had a complete security audit, but it's better than Chinese "button the press longly ".

https://zoneminder.com/

As others have mentioned, configuring a separate video vlan (or ssid) which isn't connected to the internet will get you most of the way there for camera security. Your cheap consumer wifi router can do a no-internet ssid by using the parental control feature.