{"id":159596,"date":"2016-03-24T10:15:48","date_gmt":"2016-03-24T08:15:48","guid":{"rendered":"http:\/\/mybroadband.co.za\/news\/?p=159596"},"modified":"2016-03-24T10:18:01","modified_gmt":"2016-03-24T08:18:01","slug":"massive-security-flaw-in-cctv-systems","status":"publish","type":"post","link":"https:\/\/mybroadband.co.za\/news\/security\/159596-massive-security-flaw-in-cctv-systems.html","title":{"rendered":"Massive security flaw in CCTV systems"},"content":{"rendered":"

The digital video recording (DVR) devices in the CCTV systems of over 70 different vendors<\/a><\/strong> have inherited a security flaw from the original manufacturer, TVT.<\/p>\n

This is according to security researcher Rotem Kerner, who was following up on 2014 research into the Backoff POS Trojan operation<\/a><\/strong>.<\/p>\n

Researchers found that criminals used vulnerable DVR boxes as a vector from which to attack point-of-sale systems.<\/p>\n

Kerner said after a query on Shodan<\/strong><\/a>, he found more than 30,000 potentially-vulnerable DVRs connected to the Internet.<\/p>\n

He then explored one of the DVRs and found a way to exploit a vulnerability to allow him to execute any program on the device.<\/p>\n

TVT, which is based in China, ignored Kerner\u2019s reports of the bug, so he publicly disclosed the issue.<\/p>\n

\u201cYour best shot would probably be to deny any connection from an unknown IP address to the DVR services,\u201d said Kerner.<\/p>\n

A list of affected vendors is available in Kerner\u2019s blog post<\/a><\/strong>.<\/p>\n

More on CCTV systems<\/h3>\n

Dramatic CCTV footage of robbers trying to break into Crime Line head\u2019s home<\/strong><\/a><\/p>\n

Multi-million rand CCTV system takes on crime in Joburg<\/strong><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Over 70 CCTV vendors have white-labelled products from TVT which are vulnerable to a remote code execution attack.<\/p>\n","protected":false},"author":23,"featured_media":159604,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[27],"tags":[36,7719,36260,35095,36262],"class_list":["post-159596","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","tag-active","tag-cctv","tag-rotem-kerner","tag-shodan","tag-tvt"],"_links":{"self":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/159596"}],"collection":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/users\/23"}],"replies":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/comments?post=159596"}],"version-history":[{"count":1,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/159596\/revisions"}],"predecessor-version":[{"id":159602,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/159596\/revisions\/159602"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media\/159604"}],"wp:attachment":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media?parent=159596"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/categories?post=159596"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/tags?post=159596"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}