back to article NUUO, do not want! CCTV webcams can be hacked to spy on you

Researchers have uncovered two flaws that leave more than 100,000 NUUO-powered internet-connected surveillance cameras open to remote takeover. Tenable Research on Monday laid claim to discovering two bugs in NUUO's Network Video Recorder firmware that can be exploited to covertly access a camera's video feed or simply take …

  1. Jay Lenovo


    If they were really closed circuit devices, they have no business on the open internet anyway.

    1. whitepines

      Re: CCTV?

      Brilliant. We should coin a new term, like ONTV (Open Network TV) that's more accurate.

      Anyone remember the Game Station from Dr. Who?

    2. vtcodger Silver badge

      Re: CCTV?

      While someone might buy CCTV cameras to monitor day to day activity -- to detect shoplifting for example -- they might also buy them to monitor for vandalism, theft, etc when no one is around. That implies sending the signal to somebody who will watch for suspicious activity in the wee hours of the morning. Some of these things are probably going to be on the internet. Conceptually, there should be a properly configured firewall between the camera and a bored hacker in Budapest. But in practice a lot of them won't have firewalls at all, and some that do will have misconfigured firewalls.

      What to do about that situation ... I haven't the slightest. And neither, really, does anyone else.

    3. K

      Re: CCTV?

      My thoughts exactly...

      I'm still trying to determine how so many of these devices are accessible.. typically they are put on a WIFI network, which 99.999% has a NAT Firewall/Router in front of it!

      So are there really so many morons that are using IP or Port forwarding to these devices? Or am I being a moron and not realising there is another avenue of attack!

      1. Anonymous Coward
        Anonymous Coward

        Re: CCTV?

        I'll bet it is a compromise inside a network (email malware or whatever) that scans your LAN for vulnerable CCTV devices and p0wns them. Most NVRs support a form of 'P2P' connection that doesn't require opening any ports, enabling uPnP or whatever.

  2. MiguelC Silver badge

    That second flaw is a bit redundant

    Once you have root access using the first bug, what's the point of using the other one to list users and change passwords? You already have root access to do anything you want!

    1. Christian Berger

      Well, yes, but...

      imagine the manufacturer closes the first bug. If you used the second bug to get a normal account, you can still use that account.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like