The team at Positive Research, the research division of Positive Technologies, has recently discovered a large number of alarming vulnerabilities in digital video recorder (DVR) software used with closed-circuit TV systems. By exploiting these weaknesses, an intruder can remotely take control of an entire system; giving them the ability to watch, substitute or delete recorded video, illegally access a company network, broadcast spam or carry out a host of other malicious activities.
Among several vulnerabilities found in DVR software were a default root password which could not be personalized and open service ports. Moreover, our research experts managed to uncover an alleged master password, which was valid for all system accounts – giving its user maximum privileges. This global secret was valid for all DVRs tested and could not be changed by even an administrator.
Globally, most leading DVR brands are at risk to the threats that we’ve uncovered in our latest research. This wide-spread problem has been proliferated by the fact that DVR vendors often use existing flawed DVR software, without modification, with their systems. Based on the analysis performed by our team of experts, at Positive Research, we’ve concluded that the vulnerabilities highlighted are present in 90% of all DVRs that are used by small and medium-sized businesses, for recording surveillance video.
For more information about these risks and other vulnerabilities please contact Positive Research at research@ptsecurity.com.
