Peekaboo: Tenable spotlights vulnerability that could allow manipulation of surveillance footage - Technical.ly Baltimore

Dev

Sep. 18, 2018 3:30 pm

Peekaboo: Tenable spotlights vulnerability that could allow manipulation of surveillance footage

The Columbia-based cybersecurity firm released new research on software used in public spaces around the world.

Tenable warns security cameras could be vulnerable.

(Photo by Flickr user Rusty Clark, used under a Creative Commons license)

Tenable, the recently IPO’d, Columbia-based cybersecurity companyreleased new research this week showing a security vulnerability in software that powers video surveillance systems.

The “Peekaboo” vulnerability could leave open the potential for attackers to take control of and potentially manipulate footage from software created by NUUO, which is used around the world. Called NVRMini2, the device is a storage device and mini recorder, Tenable states in a blog post. Here’s what they found, according to Techcrunch:

The vulnerability works via a stack buffer overflow, overwhelming the targeted software and opening the door for remote code execution. That loophole means that an attacker could remotely access and take over accounts with no authorization, even taking over networked cameras connected to the target device.

Jacob Baines, a senior research engineer at Tenable, developed an exploit demonstrating what could happen.

“An attacker can gain full system access, giving them control over and access to attached camera feeds and recordings. In addition, access credentials for connected cameras can be read in cleartext,” Tenable writes.

In the blog post, Tenable said NUUO’s software is used by third-party vendors through white-labeling and licensing, so the full list of those affected are unknown.

Advertisement

A patch was not immediately available Monday, but Tenable said NUUO was developing one.

“In the meantime, we advise affected end users to restrict and control network access to the vulnerable devices to authorized and legitimate users only,” the company stated.

The vulnerabilities in surveillance systems are among the concerns of cybersecurity pros working on securing devices. Last year, Fulton-based ReFirm Labs found vulnerabilities in specific models of security cameras.

-30-
JOIN THE COMMUNITY, BECOME A MEMBER
Already a member? Sign in here

Advertisement

ReFirm Labs goes deep in the supply chain to get ahead of IoT security issues

ISE research spotlights cryptocurrency vulnerabilities, and theft

Hanover-based KeyW to be acquired by Jacobs Engineering Group in $815M deal

SPONSORED

Baltimore

How SmartLogic accelerated these startups’ product growth trajectories

Baltimore, MD 21201

14 West

Junior Database Administrator

Apply Now
Philadelphia, PA

Orthly

Full-Stack Javascript Engineer

Apply Now
Baltimore, MD 21201

14 West

Chief of Staff

Apply Now

Here are the winners of the 2019 Maryland Cybersecurity Awards

Power Moves: Frank Bonsal III is leaving TU incubator, returning to venture capital

Inside the North Baltimore company that discovered some of tech’s biggest security vulnerabilities

SPONSORED

Baltimore

This fast-growing SaaS company aims to be a force for change in the energy industry

Baltimore, MD

SmartLogic

Product Designer

Apply Now
Baltimore

Technically Media

Technical.ly Baltimore Contributing Reporter (Contract or Freelance)

Apply Now
Baltimore, MD

SmartLogic

Developer

Apply Now

Sign-up for daily news updates from Technical.ly Baltimore

Do NOT follow this link or you will be banned from the site!