DVR flaw allows hackers to access CCTV camera files

Posted by Shane McGlaun

Researchers have apparently discovered a security flaw in the DVR systems used by several CCTV video camera manufacturers.

Indeed, the vulnerability reportedly leaves the video stored and streamed from the CCTV cameras subject to attack. According to the researchers, hackers exploiting the flaw can watch, copy and delete video streams.

The researchers also note that unless the CCTV systems are firewalled correctly, the security flaws that have been discovered in the firmware of the DVR's can also be used as a starting point for attacks on networks that the DVR and camera systems are connected to.

Nineteen different manufacturers are believed to be selling CCTV devices that are vulnerable to the attack. The vulnerable DVRs use firmware from a company based in China called Ray Sharp.

The Register reports that the security vulnerability was first demonstrated in recent weeks by a hacker using the name someLuser. The hacker allegedly discovered that certain commands sent to a Swan DVR on port 9000 were accepted without requiring any authentication. This gave the hacker and easy to exploit means to hack into the DVR web-based control panel.

Since the DVRs support universal plug-and-play, they are said to be extremely visible on the Internet. Home and small-office routers widely used automatically enable UPnP as the default setting, meaning tens of thousands of vulnerable video recorders are believed to be exposed on the Internet. The researchers also say that to make matters worse, the Ray Sharp DVR platform stores usernames and passwords as clear text.

"In addition to Ray Sharp, the exposures seem to affect rebranded DVR products by Swann, Lorex, URMET, KGuard, Defender, DEAPA/DSP Cop, SVAT, Zmodo, BCS, Bolide, EyeForce, Atlantis, Protectron, Greatek, Soyo, Hi-View, Cosmos, and J2000," HD Moore, CTO of the security tools company called Rapid7 explained in a blog post.

"The vulnerabilities allow for unauthenticated access to the device configuration, which includes the clear-text usernames and passwords that, once obtained, can be used to execute arbitrary system commands root through a secondary flaw in the web interface. someLuser's blog post includes a script for obtaining the clear-text passwords as well as a standalone exploit that yields a remote root shell on any vulnerable device... In short - this provides remote, unauthorised access to security camera recording systems."