Software Development

Peekaboo: Tenable spotlights vulnerability that could allow manipulation of surveillance footage

The Columbia-based cybersecurity firm released new research on software used in public spaces around the world.

Tenable warns security cameras could be vulnerable. (Photo by Flickr user Rusty Clark, used under a Creative Commons license)

Tenable, the recently IPO’d, Columbia-based cybersecurity companyreleased new research this week showing a security vulnerability in software that powers video surveillance systems.

The “Peekaboo” vulnerability could leave open the potential for attackers to take control of and potentially manipulate footage from software created by NUUO, which is used around the world. Called NVRMini2, the device is a storage device and mini recorder, Tenable states in a blog post. Here’s what they found, according to Techcrunch:

The vulnerability works via a stack buffer overflow, overwhelming the targeted software and opening the door for remote code execution. That loophole means that an attacker could remotely access and take over accounts with no authorization, even taking over networked cameras connected to the target device.

Jacob Baines, a senior research engineer at Tenable, developed an exploit demonstrating what could happen.
“An attacker can gain full system access, giving them control over and access to attached camera feeds and recordings. In addition, access credentials for connected cameras can be read in cleartext,” Tenable writes.
In the blog post, Tenable said NUUO’s software is used by third-party vendors through white-labeling and licensing, so the full list of those affected are unknown.
A patch was not immediately available Monday, but Tenable said NUUO was developing one.
“In the meantime, we advise affected end users to restrict and control network access to the vulnerable devices to authorized and legitimate users only,” the company stated.
The vulnerabilities in surveillance systems are among the concerns of cybersecurity pros working on securing devices. Last year, Fulton-based ReFirm Labs found vulnerabilities in specific models of security cameras.

Companies: Tenable Holdings

Before you go...

Please consider supporting to keep our independent journalism strong. Unlike most business-focused media outlets, we don’t have a paywall. Instead, we count on your personal and organizational support.

3 ways to support our work:
  • Contribute to the Journalism Fund. Charitable giving ensures our information remains free and accessible for residents to discover workforce programs and entrepreneurship pathways. This includes philanthropic grants and individual tax-deductible donations from readers like you.
  • Use our Preferred Partners. Our directory of vetted providers offers high-quality recommendations for services our readers need, and each referral supports our journalism.
  • Use our services. If you need entrepreneurs and tech leaders to buy your services, are seeking technologists to hire or want more professionals to know about your ecosystem, has the biggest and most engaged audience in the mid-Atlantic. We help companies tell their stories and answer big questions to meet and serve our community.
The journalism fund Preferred partners Our services

Join our growing Slack community

Join 5,000 tech professionals and entrepreneurs in our community Slack today!


‘Racist rhetoric leads to attacks’: Asian Americans and lawsuit plaintiffs take on the TikTok ban

Inside Maryland’s latest effort to support emerging businesses

This Week in Jobs: The kernel of a new career is in these 20 tech opportunities

Technically Media