Tag Archive for: CAMERAS.

China’s Hikvision, Dahua Security Cameras Heighten Risks Of Russian Attacks On Ukraine


KYIV – As Russia’s full-scale invasion of Ukraine nears the two-year mark, hundreds of thousands of Chinese-made Hikvision and Dahua video-surveillance cameras, used by government-run security systems, residences, and private companies throughout Ukraine, heighten the risks of attacks by the Russian military, Ukrainian digital-security experts and government officials fear.

When Russian missiles struck Kyiv in a January 2 attack that killed at least three people, two ordinary outdoor CCTV cameras – one for a condominium, the other for a parking lot — helped guide their way, the State Security Service of Ukraine (SBU) claims.

A heavily damaged building in Kyiv which was hit by a missile on January 2 that may have been guided by CCTV cameras.

A heavily damaged building in Kyiv which was hit by a missile on January 2 that may have been guided by CCTV cameras.

After hacking the cameras, Russian intelligence used them “to spy on the Defense Forces in the capital” and to record images of “critical infrastructure facilities,” according to the SBU.

One of those cameras was a 2016 Chinese-made Hikvision device, a law enforcement official who requested anonymity because of the sensitivity of the subject told Schemes, the investigative unit of RFE/RL’s Ukrainian Service.

“Such cameras are usually just connected to the Internet and are already relatively outdated — that is, with software that has not been updated for a long time and has many known vulnerabilities,” said Serhiy Denysenko, executive director of the Ukrainian information-security company CyberLab’s Digital Forensics Laboratory.

Information security specialist Serhiy Denysenko (left) with Schemes journalist Kyrylo Ovsyaniy.

Information security specialist Serhiy Denysenko (left) with Schemes journalist Kyrylo Ovsyaniy.

Manufacturers’ “basic” camera software means that “hackers — or, in this case, the Russian special services – who are scanning the Internet can find this camera and gain access to it,” Denysenko said.

To test the SBU’s claims, a Digital Forensics Laboratory specialist hacked into a 2015 Hikvision CCTV camera in about 15 minutes.

From 2014 to 2022, three Ukrainian companies imported over 875,000 CCTV cameras and other devices related to video surveillance made by Hikvision, and a single company imported nearly 1.1 million cameras and other devices related to video…

Source…

Ubiquiti fixes massive bug that allowed users to view others’ security cameras


In context: Internet of Things (IoT) devices have often been scrutinized for being prone to security vulnerabilities. Many reports have detailed how smart cameras, doorbells, etc., are relatively easy to hack. It seems things haven’t changed much in the last several years.

A new development now puts the spotlight squarely on networking device manufacturer Ubiquiti after the company admitted that a misconfiguration with its cloud infrastructure allowed some of its customers to watch footage from strangers’ security cameras.

The admission came days after some Ubiquiti customers reported seeing images and videos from other people’s cameras through the company’s Unifi Protect cloud app. One of the first persons to report the bug was a Redditor claiming his wife received a notification, which included an image from a security camera that didn’t belong to them.

Another Redditor reported something even more alarming. The poster claimed to have navigated to the official Unifi device manager portal and logged into someone else’s account despite entering their own Unifi credentials. The user claimed seeing footage from another customer’s UDM Pro and could navigate the device and view or change settings.

A Ubiquiti customer on the company’s forum claimed to have accessed “88 consoles from another account” when logging into the Unifi portal. The user had full access to these devices until refreshing their browser. After that, the client returned to normal, with only owned devices showing.

After a massive outcry from customers, Ubiquiti fixed the bug. Last week, Ubiquiti released a statement admitting that in “a small number of instances,” users either received notifications from unknown consoles or accessed consoles that didn’t belong to them.

The company claims the problem happened due to an upgrade to Ubiquiti’s UniFi Cloud infrastructure, which it has since resolved. So, customers should no longer worry about their other users accessing their cameras and UniFi accounts. While the company claimed the bungle affected 1,216 accounts in one group and 1,177 in another, supposedly fewer than a dozen instances of improper access occurred. It added that it would notify those customers about…

Source…

Novel Mirai-based DDoS botnet exploits 0-days to infect routers and security cameras


Threat actors are exploiting previously unknown bugs in certain routers and network video recorder (NVR) devices to build a Mirai-based distributed denial-of-service (DDoS) botnet, dubbed InfectedSlurs.

The newly discovered zero-day remote code execution vulnerabilities can be exploited if the device manufacturers’ default admin credentials have not been changed – a security measure users very often fail to take.

In a post this week, researchers at Akamai’s security intelligence response team (SIRT) said they discovered the botnet through their global honeypots last month and identified it was targeting network video recorder (NVR) devises from a specific manufacturer.

“The SIRT did a quick check for CVEs known to impact this vendor’s NVR devices and was surprised to find that we were looking at a new zero-day exploit being actively leveraged in the wild,” the researchers wrote.

Further investigation revealed a second device from a different manufacturer – a wireless LAN router designed for hotels and residential use – was also being targeted by the threat actors behind the botnet.

The researchers said they alerted the manufacturers to the respective vulnerabilities and were told by both that they expected to release patches for the affected devices next month. Until that occurred, Akamai would not identify the manufacturers.

“There is a thin line between responsible disclosing information to help defenders, and oversharing information that can enable further abuse by hordes of threat actors,” the researchers said.

In the case of the router the threat group was targeting, it was manufactured by a Japanese vendor that produced multiple switches and routers. Japan’s Computer Emergency Response Team (JPCERT) had confirmed the exploit, but Akamai did not know if more than one model in the company’s catalog was affected.

“The feature being exploited is a very common one, and it’s possible there is code reuse across product line offerings,” the researchers said.

Akamai labelled the botnet “InfectedSlurs” after the researchers discovered racial epithets and offensive language within the naming conventions used for the command-and-control domains associated with…

Source…

Sneaky lightbulb security cameras are the next big thing in home security


Have you ever wished you could keep an eye on your home or office without anyone noticing? Well, now you can with new sneaky lightbulb cameras. The invention combines the functionality of a lightbulb and a live video camera in one perfect spying tech device.

But are they secure? That’s a question many people have, including Cheryl from Florida.

“Hi Kurt, I recently read an article or advertisement about lightbulb cameras. They would be hooked up via the Wi-Fi. Are they secure?”  – Cheryl, Florida

This is a great question because most people may not know how to operate lightbulb cameras because they are so new to the market. Let’s go more in depth about what they are and how they operate so that we all have a better understanding of what these new products can do for you.

Lightbuld camera

Lightbulb cameras are designed to look like regular lightbulbs. However, they come equipped with a camera that captures high-quality video footage. (Cyberguy.com)

CLICK TO GET KURT’S FREE CYBERGUY NEWSLETTER WITH SECURITY ALERTS, QUICK TIPS, TECH REVIEWS, AND EASY HOW-TO’S TO MAKE YOU SMARTER

What are lightbulb cameras?

Lightbulb cameras are designed to look like regular lightbulbs. However, they come equipped with a camera that captures high-quality video footage.

You can install them anywhere you have a light socket, and they will record everything that happens in your space. You can also watch the live feed from your smartphone or computer anytime you want. Lightbulb cameras are the perfect solution for discreet and convenient security.

Some of the best lightbulb security cameras also offer additional features such as motion detection, night vision and two-way audio communication.

MORE: TOP PICKS TO AMP UP YOUR HOME SECURITY

Why would I want to purchase a lightbulb camera?

Lightbulb security cameras do have some features you may not be able to get with a traditional security camera. One thing about them is they are typically wireless and do not take any extra wiring to work, which means they’re easy to install.

Another perk of having a lightbulb security camera is it can rotate close to 360 degrees. This means that you will have a wide variety of coverage and will be able to tilt to every angle, so you can pretty…

Source…