1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Hard-coded password exposes up to 46,000 video surveillance DVRs to hacking

Discussion in 'CSO' started by RSS, Feb 17, 2016.

  1. RSS

    RSS New Member Member

    Up to 46,000 Internet-accessible digital video recorders (DVRs) that are used to monitor and record video streams from surveillance cameras in homes and businesses can easily be taken over by hackers.

    According to security researchers from vulnerability intelligence firm Risk Based Security (RBS), all the devices share the same basic vulnerability: They accept a hard-coded, unchangeable password for the highest-privileged user in their software -- the root account.

    Using hard-coded passwords and hidden support accounts was a common practice a decade ago, when security did not play a large role in product design and development. That mentality has changed in recent years and many vendors, including large networking and security appliance makers, are frequently issuing firmware updates to fix such basic flaws when they are discovered by internal and external security audits.

    To read this article in full or to leave a comment, please click here

    Continue reading...

Share This Page