Your Web News in One Place

Help Webnuz

Referal links:

Sign up for GreenGeeks web hosting
September 17, 2018 11:20 pm

Hackers Hijack Surveillance Camera Footage With 'Peekaboo' Zero-Day Vulnerability

An anonymous reader quotes a report from ZDNet: A zero-day vulnerability present in security cameras and surveillance equipment using Nuuo software is thought to impact hundreds of thousands of devices worldwide. Researchers from cybersecurity firm Tenable disclosed the bug, which has been assigned as CVE-2018-1149. The vulnerability cannot get much more serious, as it allows attackers to remotely execute code in the software, the researchers said in a security advisory on Monday. Nuuo, describing itself as a provider of "trusted video management" software, offers a range of video solutions for surveillance systems in industries including transport, banking, government, and residential areas. Dubbed "Peekaboo," the zero-day stack buffer overflow vulnerability, when exploited, allows threat actors to view and tamper with video surveillance recordings and feeds. It is also possible to use the bug to steal data including credentials, IP addresses, port usage, and the make & models of connected surveillance devices. In addition, the bug could be used to fully disable cameras and surveillance products. Peekaboo specifically impacts the NVRMini 2 NAS and network video recorder, which acts as a hub for connected surveillance products. When exploited, the product permitted access to the control management system (CMS) interface, which further exposes credentials of all connected video surveillance cameras connected to the storage system.

Read more of this story at Slashdot.


Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/m-AgQppXNU4/hackers-hijack-surveillance-camera-footage-with-peekaboo-zero-day-vulnerability

Share this article:    Share on Facebook
View Full Article

Slashdot

Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..

More About this Source Visit Slashdot