clock menu more-arrow no yes

Filed under:

Security camera recorders could be open to tampering because of common firmware flaw

New, 5 comments
security camera
security camera

The DVR boxes used to manage recording from security cameras may not actually be so secure. A hacker at Console Cowboys found that the Ray Sharp platform used by many companies' DVRs — the author lists Swann, KGuard Security, and more — is vulnerable to unauthorized access, even from behind a firewall. "SomeLuser" found that the platform is set to automatically enable Universal Plug n Play, making it easily accessible through networks that support it. Connecting through Port 9000 allowed users to bypass security, then request the username and password for the DVR in plain text. From there, it's possible to exploit more loopholes to run system commands, accessing or deleting footage. That could make it one of several standard business technologies that's turned out to be full of security holes.

Rapid7 Chief Security Officer HD Moore has confirmed the vulnerability, which he says "provides remote, unauthorized access to security camera recording systems." If it's as widespread as believed — while neither has tested it on all the brands mentioned, both are confident it's present across the board — it potentially undermines the security of small businesses, who are likely to have UPnP enabled, says Moore. For now, there doesn't seem to be an easy fix for users, though DVR seller Zmodo has told Forbes it developed its own firmware that "has never been susceptible to the same intrusions as firmware developed by Ray Sharp."