Researchers from Nozomi Networks, an industrial and IoT network security company, have discovered a critical vulnerability that can be used to attack a video surveillance product produced by Annke. Anke is a global home and business security solutions provider headquartered in Hong Kong.
Vulnerability and its impact
The vulnerability is tracked as CVE-2021-32941, with a CVSS score of 9.4, and is described as a stack-based buffer overflow, which can be exploited by remote attackers to execute arbitrary code and access sensitive information.
Nozomi researchers discovered this vulnerability in Anke’s N48PBB network video recorder (NVR), which can be used to store video captured by cameras, watch live video streams, and manage cameras. Nozomi stated that it reported the vulnerability to Annke on July 11 and released a patch through a firmware update on July 22. It is recommended that Anker’s customers update the device firmware as soon as possible.
According to a report released this week by the US Cybersecurity and Infrastructure Security Agency (CISA), the affected products are being used worldwide.
The vulnerabilities identified by the researchers could allow attackers to access recorded video, delete footage, change configurations (such as motion detection alarms), and turn off certain cameras or NVRs to prevent them from recording.
Nozomi has performed a detailed analysis of the device, which includes extracting the firmware using a physical connection to its onboard memory. The security vulnerability initially appeared to be a denial of service (DoS) issue, but further analysis revealed that it may be exploited to execute remote code with root privileges, causing the device to be completely destroyed.
Exploiting this vulnerability requires authentication, but the lack of cross-site request forgery (CSRF) protection may also allow an attacker to attack the device without authentication, which requires to lure the logged-in user, operator, or administrator into the management of the NVR Visit a specially made webpage when the interface is displayed.
“Modern video surveillance systems are classified as Internet of Things (IoT) devices and represent a fundamental part of a company’s physical security,” Nozomi said in a blog post. “Like what often happens in the Internet of Things, these devices, although they seem simple, also face the same network security risks as more traditional network devices. For example, the famous Mirai botnet attacks routers or printers in the same way. The purpose is to destroy them and then use them to carry out large-scale cyber attacks.”
Introduction of Anke N48PBB
Hong Kong Anke Innovation is a popular manufacturer of surveillance systems and solutions, producing various IP cameras, NVRs and accessories. NOZOMI’s analysis focused on N48PBB, an NVR capable of displaying and recording up to eight Power over Ethernet (PoE) IP security cameras.
By convention, in its web service, N48PBB exposes a web application that allows interaction with devices and connected cameras. For example, you can watch the camera’s live stream, search and play functions, manage users, and so on.
The web application defines three account types: administrator, operator, and user.
Webcams become common IoT devices
NVR is an IoT device designed to connect to a local Ethernet network and capture incoming video sources from all clearly configured IP cameras in the same network. NVRs are usually equipped with fairly large hard drives (in TeraBytes) or other permanent memory solutions to store several days of video content.
In 2020, the global video surveillance market is valued at more than 45 billion U.S. dollars and is expected to grow to 75 billion U.S. dollars by 2025. The infrastructure sector—including transportation, urban surveillance, public places, and utilities—is expected to grow the fastest during this period.
When setting up IP cameras for monitoring, NVR is used as a special device for monitoring and recording all video clips. It also provides centralized management of the entire IP camera system.
By accessing the exposed web panel of the NVR, the operator can watch the real-time stream from all connected cameras and play all the video content stored on the device. In addition, the administrator can remotely manage the camera system by performing maintenance operations on all connected cameras or setting global alarms for any camera to detect specific events.
Camera vulnerability is a common problem
NVR is obviously a powerful and indispensable component in the company’s surveillance system. Therefore, they are also very attractive targets for criminals.
A small part of the potential consequences of an attacker’s unauthorized access to the NVR may include:
Confidentiality: They can access any private information recorded in the video, obtain the location of valuable assets, or track people;
Completeness: They may delete video clips that contain unnecessary content, or change the configuration of motion detection alarms;
Usability: They can selectively stop the recording of the designated camera, or completely shut down the NVR when it is convenient.
In fact, NVR represents a key network target, because only one device under attack may directly affect the security of the entire IP camera system.
Finally, Nozomi recommends that organizations conduct careful due diligence when purchasing security camera systems, including reviewing the technology involved and considering the privacy laws applicable to the supplier’s jurisdiction. A further recommendation is to implement IoT and OT network monitoring solutions. Although the functions of IoT devices are usually not transparent, the use of anomaly detection technology to monitor network behavior can provide timely alerts and gain time and initiative to prevent or mitigate potential harm.
The Links: CLAA201WA03 LC260W01-A5K6 DISPLAY-COMPANY
Related posts
