×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

58,000 Security Camera Systems Critically Vulnerable To Hackers

Sparrowvsrevolution (1926150) writes | about a year ago

Security 1

Sparrowvsrevolution (1926150) writes "Eighteen brands of security camera digital video recorders are vulnerable to an attack that would allow a hacker to remotely gain control of the devices to watch, copy, delete or alter video streams at will, as well as to use the machines as jumping-off points to access other computers behind a company's firewall, according to tests by two security researchers. And 58,000 of the hackable video boxes, all of which use firmware provided by the Guangdong, China-based firm Ray Sharp, are accessible via the Internet.

Early last week a hacker who uses the handle someLuser found that commands sent to a Swann DVR via port 9000 were accepted without any authentication. That trick would allow anyone to retrieve the login credentials for the DVR's web-based control panel. To compound the problem, the DVRs automatically make themselves visible to external connections using a protocol known as Universal Plug And Play, (UPNP) which maps the devices' location to any local router that has UPNP enabled--a common default setting. That feature, designed to allow users to remotely access their video files via remote PC or phone, effectively cuts a hole in any firewall that would expose the device to attackers, too. And security researcher H.D. Moore has been able to show that the flawed architecture isn't just used Swann, but instead effects every company that uses Ray Sharp's firmware. Neither Ray Sharp nor any of the eighteen firms have yet released a firmware fix."

Link to Original Source

1 comment

Um, no (1)

ThatsNotPudding (1045640) | about a year ago | (#42717887)

Its just a boneheaded decision on the part of [Ray Sharp], says Moore. Fifty-eight thousand homes and businesses are exposed because of the way these things cut holes in the firewall.

Nope; as-designed by the People's Central Committee.

Check for New Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...