Security researchers have discovered a vulnerability in Nuuo surveillance cameras which can be exploited to hijack these devices and tamper with footage and live feeds.
There was also a serious flaw found within Zoom video conferencing which could allow external attackers or malicious insiders to hijack screen controls, spoof chat messages, and remove attendees from a session.
Commenting on these vulnerability discoveries is Craig Young, computer security researcher for Tripwire’s Vulnerability and Exposure Research Team (VERT):
“Network video recorders are one of the most problematic categories of IoT devices. This is likely because NVRs are one of the earliest types of connected devices to be successful in the market. Many of these systems not only still have the same basic look and feel as what was available in the late 90s but also the same types of basic vulnerabilities. As an example of this, the report from Digital Defense details an easily triggerable stack buffer overflow in an HTTP server running as root.
Anyone using the Nuuo NVRmini 2 needs to prioritize patch deployment for affected systems regardless of the device is directly exposed to the Internet. Because this can be exploited with an unauthenticated HTTP request, attackers can craft malicious web pages which search local networks for affected systems to compromise. This type of attack is known as cross-site request forgery and can come from malicious emails, advertisements, and even comment spam.”
(69)
