A vulnerability has been discovered in video surveillance camera software that could allow hackers to view, delete or modify video footage.
A research paper published by Tenable, a security firm, has revealed a vulnerability named Peekaboo in the video surveillance systems of NUUO. By exploiting the software flaw, hackers can acquire the admin privileges and can monitor, tamper and disable the footage.
Moreover, once they have the access to the footage, the hackers can also access the feeds of the other devices that are connected to the surveillance system.
The major concern regarding the vulnerability is that it can be exploited to get hold of information including login credentials, model number, IP address of not only the camera that has been hacked but the other connected devices as well. All the details could be accessed within a few seconds.
You can have a look at the hacking procedure:
“The Peekaboo flaw is extremely concerning because it exploits the very technology we rely on to keep us safe. As more IoT devices are brought online, the attack surface expands and introduces new risks to both consumers and organizations,” said Renaud Deraison, co-founder and chief technology officer of Tenable.
NUUO’s software is deployed by many video surveillance systems all over the world. Over 100 brands use the software, and there are more than 2,500 models that are powered by the vulnerable software. According to an estimate, more than hundreds of thousands of surveillance systems have been affected by Peekaboo.
NUUO has released a firmware version 220.127.116.11 with a patch for the flaw and also has plans to notify the affected users.