Thousands of Unsecured Security Cameras Could Be Giving Hackers a Peek Inside Your Home
(Image: Shutterstock.com)
Digital video recording (DVR) devices used for security purposes might actually be an open door — virtually — for hackers, according to the findings of a security blogger.
The writer going by the name “someLuser” on the blog Console Cowboy showed how at least 18 brands of security DVRs were vulnerable to hackers, specifically the Ray Sharp DVR platform. The security firm Rapid 7 did a little digging after someLuser’s blog post came out and found that this could leave about 58,000 systems in more than 150 countries exploitable.
Forbes explains in laymen’s terms how the vulnerability with the system works:
He found that commands sent to the device via a certain connection, port 9000, were accepted without any authentication. And worse, he was able to use that unprotected connection to retrieve the login credentials for the DVR’s web-based control panel. “Anyone who can connect to port 9000 on the device can send this request and retrieve that information,” said someLuser, who declined to reveal his real name when I reached him by instant message.
To compound the problem, the DVRs automatically make themselves visible to external connections using a protocol known as Universal Plug And Play, (UPNP) which maps the devices’ location to any local router that has UPNP enabled–a common default setting. That feature, designed to allow users to remotely access their video files via remote PC or phone, effectively cuts a hole in any firewall that would expose the device to attackers, too.
Basically, the flaws would allow hackers into security systems remotely where they could access or delete footage.
Products included for such a potential exploit are: Swann, Lorex, URMET, KGuard, Defender, DEAPA/DSP Cop, SVAT, Zmodo, BCS, Bolide, EyeForce, Atlantis, Protectron, Greatek, Soyo, Hi-View, Cosmos and J2000.
Although at least one manufacturer, Zmodo, told Forbes they have a firmware update for sale to correct the vulnerability, there is not really a simple fix for the problem.
A temporary work-around someLuser presents is to disable the universal plug and play (UPNP) on routers to prevent outside devices from using the Internet to access the system remotely.
DVR security systems are not the only remotely accessed systems that we’ve seen vulnerable to hacking. In 2011, we reported how something as unassuming as a home or office printer connected to the Internet could be hacked, even tampered with to the point where it could start a fire.
Last week, tech websites were reporting some computer webcams were insecure and letting peeping Toms see through them. The issue associated with TRENDnet webcams was first reported in early 2012 and a fix was provided. But as the interactive map TRENDnetExposed received attention (the map has since been deactivated), it was clear some users of the webcams had not yet taken the necessary measures to secure their devices.
Watch this video from the Today show about criminals using unsecured webcams for spying:
Featured image via Shutterstock.com.
(H/T: Gizmodo)
In CONTROL, Glenn Beck presents a passionate, fact-based case for guns that reveals why gun control isn’t really about controlling guns at all; it’s about controlling us. Find out more HERE.
Comments (33)
Sign In To Post Comments! Sign In
Popular Stories
‘Bigoted, Religious [Zealots]‘: High School Senior Allegedly Expelled, Charged With Felonies Over Gay Relationship With ‘Consenting’ Fellow Student 902 Comments
‘The Daily Show’ Creator Makes Outrageously Offensive Anti-Conservative Joke About Okla. Tornado 373 Comments
Washington Times Writer: Fox News Scandal Goes ‘Much Deeper,’ W.H. Sitting on Something Top Obama Aides ‘Terrified’ About 339 Comments
CNN Poll: Obama’s Approval Rating Unchanged Since Scandals Hit 247 Comments
University Will Investigate Christian Professor’s Intelligent Design Class Following Atheist Furor 218 Comments
Faith
-
Beck and Mercury One Head to Oklahoma to Launch Tornado Relief Effort — See the First Behind-the-Scenes Photos
Read More
-
Here’s the Inspirational Story of an American Flag Hanging Amid the Oklahoma Tornado’s Destruction
Read More
-
University Will Investigate Christian Professor’s Intelligent Design Class Following Atheist Furor
218 Comments
-
‘Bigoted, Religious [Zealots]‘: High School Senior Allegedly Expelled, Charged With Felonies Over Gay Relationship With ‘Consenting’ Fellow Student
902 Comments
-
Israeli Motorists Shocked When Nazi Flag Seen Flying Near Palestinian Mosque
Read More
Business
-
Treasury Sec. Ready to Deploy ‘Extraordinary Measures’ as U.S. Hits Debt Limit (Again)
Read More
-
‘In the End, Everything Will Be Claimed’: Creator of First 3D-Printed Gun Highlights Creeping Gov’t Control of Technology
Read More
-
Sebelius’ Controversial Fundraising Efforts Raise Concerns, Allegedly Chase Away Potential Donors
Read More
-
See All the Viral Backlash Abercrombie & Fitch Has Received for Its CEO’s Comments From Years Ago That Resurfaced Again
Read More
-
Is This the ‘Smoking Gun’ That Ties the IRS Scandal to the White House?
192 Comments
Technology
-
How a $4.5 Million Network of 181 Sirens Helped Save Lives in Oklahoma Twister
Read More
-
See the Record-Setting Python a Man Caught With His Bare Hands (and Guess How Much It Weighed)
Read More
-
This Teen’s Invention Means You Could Charge Your Cellphone in Less Than 30 Seconds
Read More
-
One of the Most Unlikely Animals Being Trained to Hunt Land Mines
Read More
-
Woman Who Lost All Limbs to Flesh-Eating Bacteria Gets $200K Bionic Arms
Read More
Submitting your tip... please wait!
FoxRules
Posted on January 30, 2013 at 10:00amLike Eric Holder and Janet INEPT-atano?
Arrg, I can’t scrub hard enough and there’s not enough soap!
Report this comment
GuruMeditation
Posted on January 29, 2013 at 5:46pmDon’t use wireless.
Report this comment
media-bias-steals-elections
Posted on January 29, 2013 at 5:29pmThe fact that you can upgrade the firmware on any device, instead of recalling the product, speaks volumes about your nanny state consumer protection agencies?
How do you know a hacker does not upgrade the firmware and then you don’t have the original, or a way to stop them from doing it again, or worse, they upgrade it with firm ware that does not accept any new or original firmware by the device maker? We’re talking about phones, computers, anything?
Firewalls should do one basic thing, not allow connections to any ip address not associated with a domain name, and then keep you informed of attempts to do that? Yet we have all these technology companies scratching their heads, gee, I wonder what the next big thing is we could develop for consumers?
Report this comment
freedomcatcher
Posted on January 29, 2013 at 4:23pmToo much opportunity for abuse here.
Report this comment
GuruMeditation
Posted on January 29, 2013 at 5:47pmPlenty. I wished our government saw it the same way.
Report this comment
George W
Posted on January 29, 2013 at 4:12pmSome easy computer security items every computer user should do with laptops, and desktops.
Go to Gibson Research Corporation (GRC), a leader in computer security, and run (free) “Shields Up” to see if your computer has any unsecured open ports.
Services tab / “Shields Up” / Proceed / All Service Ports – wait for the scan to complete. All green is what you want to see.
Now go check to see if your Unplug and Play is on or off.
Go to GRC’s freeware tab / security / Unplug and Pray and run it. – Turn off your Unplug and Play.
Lastly, keep your anti virus, and firewall updated.
Report this comment
Inform
Posted on January 29, 2013 at 3:57pmIt’s not “hacking.” This is the same method that criminals get credit card numbers, website passwords, etc…
Report this comment
SocialistSlayer
Posted on January 29, 2013 at 3:47pmHas anyone noticed that almost every red light in America now has a security camera ( And I am not talking about those IR devices for fire trucks) ?? Who is monitoring all them and who paid for them ??
Report this comment
Wildcat1997
Posted on January 29, 2013 at 4:55pmMost of those “security cameras” on traffic lights are not actually cameras, but are simple motion detectors. It’s a 2nd way to detect of traffic is flowing through so the light pattern can adapt.
Report this comment
tomcat11767
Posted on January 29, 2013 at 6:50pmWildcat,
I have been in the transportation industry for over 25 years. Those ARE working cameras. I know people whose job it is to sit in front of a panel full of video screens, and watch them. Any intersection they want at a touch of a button. And I have inspected the installation of many of them.
Report this comment
Anonymous T. Irrelevant
Posted on January 29, 2013 at 3:19pmCan anyone hack into the webcams inside the White house, Eric Holder’s, or Hillary’s offices?
Report this comment
Anonymous T. Irrelevant
Posted on January 29, 2013 at 3:16pmIt’s amazing what a little piece of tape will do.
I tell my daughters to put a piece of tape on their built in webcams on their laptops until they are ready to use them.
Report this comment
TotallyNotATroll
Posted on January 29, 2013 at 3:03pmBeing kinda lonely I’m running out to buy some camera’s for everyone to watch right now, thanks for the idea.
Report this comment
MisterSarcastic
Posted on January 29, 2013 at 2:58pmHackers? How about the US Government?
Report this comment
The_Woofster
Posted on January 29, 2013 at 4:59pm“Slackers”
Report this comment
Female
Posted on January 29, 2013 at 11:05pmThumbs up woofster!
“Slackers” funny!
Report this comment
Chuck7884
Posted on January 29, 2013 at 2:44pmIf you install cameras and mic’s make sure you have it wired! the difference is in a professional criminal and the plain Jane criminal. if you own valuables that would catch the eye of the professional have your house wired! a professional will jam all wireless devices .In order to defeat wired security he has to take the time to find the recorder. thus it would be smart to have two or more recorders installed in case one has been found!.
Report this comment
RamonPreston
Posted on January 29, 2013 at 2:28pmStop worrying about who’s watching the outside of your house and worry about who’s watching inside. Those TV converter boxes have a camera & microphone inside (at least mine does) Makes me wonder about the cable box. Best way to learn info is to watch someone sitting in their living room.
Report this comment
RaydocX
Posted on January 29, 2013 at 2:18pmthe only cameras we might have installed look over outside coverages… it’s a wireless feed, so yes, someone could ‘peek’ in on it, but so what? i am puzzled who would be installing in house systems… i’ve seen the security companies pushing it, but there’s zero way i would consider that, not knowing who might be watching when. even baby video monitors are a bit unsettling.
but the systems i’ve seen let you reset the core code, so while i agree it’s a potential problem, someone really concerned you would have to assume has changed to code to block unauthorized peeping.
the article seems designed to scare people away from video systems, rather than helping them to fix the problem.
Report this comment
THX-1138
Posted on January 29, 2013 at 2:24pmWe have cameras w/ IR so we can check up on our 78 year old mother at her own place without driving over and disturbing her. If she fell or had another issue we’d know PDQ…
(Oh, and my brother is a network guy, he secured them long ago…)
Report this comment
The Jewish Avenger
Posted on January 29, 2013 at 2:26pmI remember when my neighbors acres away had a baby monitor come through my TV speakers…
Try to explain why there is heavy breathing while watching Peanuts cartoons to a 5 year old…
(We said the artist was VERY tired from drawing so fast, LOL!)
Report this comment
Chuck7884
Posted on January 29, 2013 at 2:27pmIf Yo do not have a baby monitor then no worries. you can tell if someone is at home with some of the wireless devices such as baby monitors or intercoms not to mention wireless devices can be jammed and they do make jammers for cell phones and other devices if you have the cash perfectly legal to buy!.
Report this comment
GhostOfJefferson
Posted on January 29, 2013 at 2:14pmThere are thousands of unsecured cameras trained on my home?
Eeek!
Report this comment
TH30PH1LUS
Posted on January 29, 2013 at 2:11pmIt’s not just the pimply-faced “hackers”. Uncle Sam has a backdoor into all your tech.
Report this comment
THX-1138
Posted on January 29, 2013 at 2:19pmNot my J-Frame.
Report this comment
GhostOfJefferson
Posted on January 29, 2013 at 2:22pmWell, not so much really. You can create a secure system. The only back door present on most technology is the one we either give it through consent or by not knowing how to properly utilize technology.
Report this comment
RamonPreston
Posted on January 29, 2013 at 2:30pmYou got that right. Control, control, control…
Report this comment
Darmok and Jalad at Tanagra
Posted on January 29, 2013 at 2:07pmNow I know why that nanny cam teddy bear follows me around the house.
That is one thing I did with my lap top, put a piece of electrical tape across the camera. If I skype, I remove it, but otherwise it is covered up.
Report this comment
FlagWavingPatriot
Posted on January 29, 2013 at 2:06pmHey, if some Chinese hacker wants to see my fat **** in skivvies downing a bag of Doritos while I watch Finding Bigfoot, go right ahead.
Report this comment
RoDogg
Posted on January 29, 2013 at 2:04pmIsn’t that the same tech as those smart meters? lol
Report this comment
RANGER1965
Posted on January 29, 2013 at 2:02pmWhich is why you unplug cameras and microphones from your computer when you’re not using them.
Report this comment
M13
Posted on January 29, 2013 at 2:04pmIf only I could unplug Encinom’s complete stupidity.
Report this comment
Blivit
Posted on January 29, 2013 at 2:18pmhow old is your computer?? new ones come with cameras and mics built right in and enabled by default! as do new tv sets these days!
Report this comment