Critical vulnerabilities discovered within Zoom video conferencing and Nuuo surveillance cameras - Comment

Security researchers have discovered a vulnerability in Nuuo surveillance cameras which can be exploited to hijack these devices and tamper with footage and live feeds.

There was also a serious flaw found within Zoom video conferencing which could allow external attackers or malicious insiders to hijack screen controls, spoof chat messages, and remove attendees from a session.

Commenting on these vulnerability discoveries is Craig Young, computer security researcher for Tripwire’s Vulnerability and Exposure Research Team (VERT):

“Network video recorders are one of the most problematic categories of IoT devices. This is likely because NVRs are one of the earliest types of connected devices to be successful in the market. Many of these systems not only still have the same basic look and feel as what was available in the late 90s but also the same types of basic vulnerabilities. As an example of this, the report from Digital Defense details an easily triggerable stack buffer overflow in an HTTP server running as root.
Anyone using the Nuuo NVRmini 2 needs to prioritize patch deployment for affected systems regardless of whether the device is directly exposed to the Internet. Because this can be exploited with an unauthenticated HTTP request, attackers can craft malicious web pages which search local networks for affected systems to compromise. This type of attack is known as cross-site request forgery and can come from malicious emails, advertisements, and even comment spam.”




How can forensic science research be prioritised and funded? Lords to hear evidence

Over two evidence sessions on Tuesday 4th December the House of Lords Science and Technology Select Committee will continue taking evidence for its inquiry into the UK’s use of forensic science and its contribution to the delivery of justice.

Funding for foundational forensic science research is rare, and forensic science is not currently within the remit of any of the major UK research councils. The Committee will ask the Director for Strategy at UK Research and Innovation how it can better support forensic science to establish it as a strategic research priority.

The Committee will also ask defence and prosecution lawyers how a culture of innovation in forensic science, that incorporates the needs of the Criminal Justice System, can be developed and sustained.

The Session will begin at 3:25pm in Committee Room 4A of the House of Lords. Giving evidence will be:

  • Mr Paul Harris, Senior Partner, Edward Fail, Bradshaw and Waterson
  • Mr Michael Caplan QC, Consultant, Criminal litigation, Kingsley Napley LLP
  • Ms Sarah Whitehouse QC, Barrister, 6KBW College Hill

Questions the Committee are likely to ask include:

  • Is the current training available for lawyers and the judiciary in handling forensic science evidence appropriate?
  • Are you aware of differences between what forensic science provision is available to the prosecution and defence?
  • Are there issues when it comes to disclosure of forensic science evidence pre-trial, and access to forensic science evidence post-trial (during appeal work)?
  • Does the Criminal Justice System have the capacity to deal with the increased evidence load that digital evidence generates?

The second session will begin at 4.25pm and the Committee will question:

  • Ms Rebecca Endean, Director of Strategy, UK Research and Innovation

Questions the Committee are likely to ask include:

  • What is the current situation within UKRI and the UK Research Councils with respect to forensic science?
  • What would be the best and most effective way of ensuring that there is funding for forensic science research, including technological developments and foundational forensic science?
  • What are the challenges you would experience if you were seeking to prioritise high quality forensic science research funding in the current climate?