Has your DVR/NVR been breached?

DVR/NVR been breached

Has your DVR or NVR security system experienced a breach? Without the proper software and firmware updates, and the proper managed services to monitor and assess a situation, a breach of your CCTV and security systems is a real possibility.  What is to say that it is not happening right now?

Both digital video recorder (DVR) and network video recorder (NVR) solutions are intended to enhance the security of your premises. Images and videos collected via security cameras are stored and managed on these devices. This helps organisations to protect their property and their teams and may provide insight into the way the business runs.

However, a security solution is not necessarily a secure solution. DVR and NVR systems are subject to vulnerabilities.  Just like any other network device they must be managed and maintained with up-to-date patches. What’s more, a business may not even notice that their DVR or NVR has been breached, exposing organisations to serious harm in the long term.

DVR and NVR breaches: a case study

Time and time again, we see breaches occur due to a lack of firmware updates on DVR or NVR appliances. This firmware is the permanent code that is embedded into the DVR or NVR hardware to bolster the system’s defence against a breach.

The Vulnerability

One of the most recent breaches we helped investigate and remediate involved a rather old DVR appliance that had not been patched since it was installed. This meant that the solution was still relying on the original firmware version. In addition to the old and outdated CCTV web application – which was causing security issues of its own – the DVR system was running an outdated version of mini_httpd 1.19, leaving the system exposed.

In particular, CVE-2009-4490 represented a security risk for the solution. Under the National Institute of Standards and Technology (NIST)’s Common Vulnerabilities and Exposures (CVE) classifications, CVE-2009-4490 is defined as a deficiency in the mini_httpd 1.19 firmware’s data logging. The firmware writes data into a log file, but it does not sanitise the non-printable characters. This means that an unauthorised person may be able to access and modify the title of a window, and they could even launch an HTTP request to overwrite files or execute arbitrary commands.

The NIST rates the potential impact of this exposure at 2.9/10, which is relatively low, but deems the vulnerability to be seriously easy for attackers to exploit – scoring 10/10 in this category. These elements combine to give a base score of 5/10 or a medium level of danger.

The identification

Once we understood that the device could be accessed remotely over an internet connection and then tricked into running commands, we knew that further investigation was required. Our trusty companion Wireshark was brought in as a wiretap to see exactly what was going on. Together, we quickly discovered that all sorts of information were being sent to locations across the globe, including Chicago, Hong Kong, England and Shanghai.

The device was also pulling a key file down from the internet and then accessing the Dark Web through a TOR node based in China. It is likely that this device was part of a botnet and was “phoning home” to request commands.

The resolution

Resolving this problem meant immediate remediation, with an updated piece of firmware that prevented further access to the video recorder system. However, this is not the end of the story. Updated coding and systems cannot be simply left to their own devices. Instead, a proactive approach is required, providing ongoing monitoring and assessment of the system, to ensure that DVR and NVR technology serves its purpose and is not left exposed to hackers or other criminals.

Effective remediation, resolution and ongoing protection for your systems

We deploy our in-depth industry knowledge and draw upon the latest best practices and tech as we identify any potential flaws in your DVR or NVR security. From here, we work to patch up any vulnerabilities and put proactive solutions in place to prevent future attacks.

With our Managed Security Services on your side, you can rest assured that these attacks shall not go unnoticed. Our Network Monitoring sensors constantly monitor your networks for intruders and bad actors who try to exploit these old devices. Contact us today for more information and protect your DVR/NVR, your security tech and, of course, your business against attack.

Scroll to top