As our world becomes increasingly connected, another potential risk presents itself. According to online tech magazine Bleeping Computer, tens of thousands of CCTV cameras are vulnerable to hackers thanks to the so-called “Peekaboo” flaw.
“This vulnerability (CVE-2018-1149) holds a Temporal Score of 8.6 with a ‘Critical’ severity rating,” Jacob Baines, Tenable’s senior Research Engineer, confirmed. “It is an ‘unauthenticated stack buffer overflow’ vulnerability that allows remote code execution by an attacker.”
Researcher Ezequiel Fernandez discovered the flaw in cameras made by TBK Vision. After doing a little digging, he found that other brands appeared to be affected as well – including cameras sold by CeNova, Night Owl, Nova, Pulnix, Q-See, and Securus – leaving us to wonder how and why this is happening.
Internet-connected surveillance systems are vulnerable to hackers, especially when it comes to passwords.
Leaving the default password intact exposes you to quite a few risks. This is because hacking into a CCTV camera can be as easy as hopping on Google or Shodan, where users can locate anything (yes, anything) that connects to the internet.
A strong password should be 12 to 15 characters in length, contain special characters and varied cases, and be devoid of whole words and personal information. Length, complexity, and randomness make a strong password.
Remember the mass Mirai attack in 2016? It was caused by a band of password-hacking lowlifes who created a network of hacked devices in hopes of shutting down popular sites like Reddit, Twitter, and Netflix. Though their victory was short-lived, this incident should forever stand out in your mind as a reason to change your passwords.
Unbranded cameras are like a hacker magnet.
This March, the Institute for Information Industry issued a warning regarding the susceptibility of IP cameras to hacking. According to Kao Fu-kai of the Information Security Research division, consumers should avoid using unbranded IP cameras at all costs. This means you should refrain from buying those cheaply made, generic DVRs – no matter how tempting it is to save money.
Don’t believe us? Just ask Andy Gregg, an Arizona real estate agent who was stunned when a hacker verbally addressed him via his brand-new security camera.
“I’m really sorry if I startled you or anything. I realize this is super unprofessional, and I’m sorry that it’s a little late in the day to do this,” the hacker told Gregg in a video recording uploaded to azcentral.com. “We don’t have any malicious intent, but I’m just here to kind of let you know so that no one else, like any black-hat hackers, follow.”
The hacker identified himself as a “white hat hacker” from Canada.
Upgrading your CCTV firmware is probably the smartest thing you can do.
Outdated firmware — the programs that help a device do what it’s designed to do — is a huge problem for any security system. Even if you’ve purchased a high-end, top-notch school security camera system, it’s still important to check for updates.
Updates can become annoying, but they’ll keep your device running smoothly. The best way to ensure you’re up to date is to register your device with the manufacturer. Just fill out the registration card that came with your device, or register your device online. This way, your manufacturer can alert you to any upcoming updates.
Some high-tech security companies will automatically update your firmware, but it’s important to find out if there is anything you should do on your end. If your vendor doesn’t supply automatic updates, there’s usually a page on the web that lists important firmware download links. If you can’t find this link (or you bought a cheap camera without tech support), you may need a new system.