

Will your first thought be about the vendor and the marketing nightmare that awaits that company? Will you be happy about it? Or will you think, God, anyone anywhere can break into my car and steal it? It's like publishing an exact drawing of a master key which will bypass security and open your car. Will I forget or forgive? (typically no) Will I buy something else from them? (typically no again, because I've paid them wanting them to solve my problems and it turned into another, greater problem) What do you think? I as a CISO will ask them: why have they sold me such a piece of garbage? They should have had competence and expertise while consulting me on a surveillance solution. Someone can just be fired from a job because he or she failed to read a single article and some other employee accidentally read it and made "a joke" about the security department.

And in the described situation I need to migrate NOW! Because any script kiddie who just completed school would like to "test" my security because he knows that it is vulnerable. Then OK, my partner will tell me that (for example) and I will plan migration. I understand publishing a report stating that the cameras have a CRITICAL severity vulnerability which allows complete control. How will I tell general management that our security can be or already is compromised?
I can't wait for the patch to come, I don't know how long I have to wait, I have to get rid of them all, do I have the budget? Imagine you are a CISO and suddenly you discover that your cameras are just completely off security.

How secure is your data in Dropbox? Can your NAS’s port-forwarding be trusted? Even if you’re not a user of these security cameras, let this serve as a reminder for all of the woes that wait around every turn on the internet. I think that publishing credentials in mass media in such a way is a very bad decision. Accessing your data over the internet is wonderful, but just remember that you’re only a single security vulnerability away from nefarious people getting access to that information. Whenever we’re using technology that is accessible to other people, we have to keep security at the top of our minds. Security and convenience are always battling each other. Turning off UPnP on your device (and router for good measure) will keep the device from being easily accessible to the outside world, but it drastically reduces the usefulness of the product. If you’re an owner of one of the estimated 58,000 security cameras on the market with this vulnerability, there isn’t much you can do. Lorex, Swann, and CW (owner of Defender and SVAT) have stated that they will investigate the problem, but that’s the extent of the response so far. Zmodo explained to Forbes that it hasn’t sold cameras using Ray Sharp’s firmware since 2011.

Networked security cameras offer a lot of convenience and peace of mind. Watching your store, keeping an eye on your pets at home, or even spying on the nanny are much easier now that we can check the security footage over the net. Unfortunately, 18 brands of security cameras with recording functionality are susceptible to an incredibly easy hack thanks to flawed firmware from Chinese company Ray Sharp. Security camera digital video recorders from Atlantis, BCS, Bolide, Cosmos, Defender, DSP Cop, EyeForce, Greatek, Hi-View, J2000, KGuard, Lorex, Protectron, Soyo, SVAT, Swann, URMET, and Zmodo have all shipped with firmware that allows unauthenticated access to the web controls. Port 9000 is open on these vulnerable devices, and it allows any third party to access the stream, view the footage, delete anything, and even turn off the camera. Even worse, these cameras use Universal Plug and Play (UPnP), so finding and accessing them will be even easier. If someone wants to break into a store without being caught on video, they could easily access the camera and turn it off. They could even remove all recorded video or poison it with bogus footage. Even at home, anyone could log into your camera, and watch you whenever they wanted to. It sends shivers up my spine just thinking about it.
