Menu
Surveillance systems around the world could be at risk

Surveillance systems around the world could be at risk

Tenable researchers uncovers "Peekaboo" zero-day

Credit: Dreamstime

Researchers at Tenable discovered a zero-day vulnerability dubbed "Peekaboo" which makes video surveillance recordings vulnerable.

The vulnerability is in the NVRMini2 device, a network-attached storage device and network video recorder.

The vulnerability could affect "hundreds of thousands" of cameras worldwide and allows cyber criminals to view and change video surveillance recordings through a remote code execution vulnerability in Nuuo software.

"For example, they [cyber criminals] could replace the live feed with a static image of the area [under surveillance], allowing criminals to enter the premises undetected by the cameras," said Tenable in a statement.

Nuuo software and devices are installed in over 100,000 surveillance systems across the world, there are more than 100 brands and 2,500 different models of cameras could be made vulnerable.

"Once exploited, Peekaboo would give cyber criminals access to the control management system (CMS), exposing the credentials for all connected video surveillance cameras. Using root access on the NVRMini2 device, cybercriminals could disconnect the live feeds and tamper with security footage," Tenable explained.

“The Peekaboo flaw is extremely concerning because it exploits the very technology we rely on to keep us safe," said Renaud Deraison, co-founder and chief technology officer at Tenable.

"As more IoT devices are brought online, the attack surface expands and introduces new risks to both consumers and organisations.”

The vulnerability affects firmware versions older than 3.9.0. Nuuo informed Tenable that a patch is being developed and affected customers should contact Nuuo for further information.

In the meantime, users are urged to control and restrict access to their Nuuo NVRMini2 deployments and limit this to legitimate users from trusted networks only.

Owners of devices connected directly to the internet are especially at risk, Tenable warned, as potential attackers can target them directly over the internet. Affected end users must disconnect these devices from the internet.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags surveillance camerasTenablesecurityNuuo

Featured

Slideshows

Reseller News Innovation Awards 2018: meet the top performing partners

Reseller News Innovation Awards 2018: meet the top performing partners

Reseller News honoured the industry’s finest on a standout evening for the New Zealand channel, recognising the achievements of established partners, emerging players and innovative start-ups, in front of over 460 technology leaders in Auckland.

Reseller News Innovation Awards 2018: meet the top performing partners
Champagne Reception kicks off Reseller News Innovation Awards 2018

Champagne Reception kicks off Reseller News Innovation Awards 2018

More than 460 channel leaders came together to toast the top performers of the New Zealand industry, during the opening Champagne Reception at the Reseller News Innovation Awards 2018 - in association with Techbuyer.

Champagne Reception kicks off Reseller News Innovation Awards 2018
Chasing innovation: how Kiwi partners can create a new customer agenda

Chasing innovation: how Kiwi partners can create a new customer agenda

This exclusive Reseller News Roundtable - in association with Rhipe and Microsoft - detailed a blueprint for customer success, outlining the new role of the modern-day partner and wider network in New Zealand.

Chasing innovation: how Kiwi partners can create a new customer agenda
Show Comments