The DVR boxes used to manage recording from security cameras may not actually be so secure. A hacker at Console Cowboys found that the Ray Sharp platform used by many companies’ DVRs — the author lists Swann, KGuard Security, and more — is vulnerable to unauthorized access, even from behind a firewall. “SomeLuser” found that the platform is set to automatically enable Universal Plug n Play, making it easily accessible through networks that support it. Connecting through Port 9000 allowed users to bypass security, then request the username and password for the DVR in plain text. From there, it’s possible to exploit more loopholes to run system commands, accessing or deleting footage. That could make it one of several standard business technologies that’s turned out to be full of security holes.
Security camera recorders could be open to tampering because of common firmware flaw
is a senior tech and policy editor focused on online platforms and free expression. Adi has covered virtual and augmented reality, the history of computing, and more for The Verge since 2011.
Rapid7 Chief Security Officer HD Moore has confirmed the vulnerability, which he says “provides remote, unauthorized access to security camera recording systems.” If it’s as widespread as believed — while neither has tested it on all the brands mentioned, both are confident it’s present across the board — it potentially undermines the security of small businesses, who are likely to have UPnP enabled, says Moore. For now, there doesn’t seem to be an easy fix for users, though DVR seller Zmodo has told Forbes it developed its own firmware that “has never been susceptible to the same intrusions as firmware developed by Ray Sharp.”
Follow topics and authors from this story to see more like this in your personalized homepage feed and to receive email updates.
