Researchers at security firm Tenable have recently revealed a zero-day vulnerability involving security cameras and surveillance devices, numbered CVE-2018-1149, codenamed “Peekaboo.” An attacker could exploit this vulnerability to execute code on the video surveillance system software remotely.
Correctly, an attacker can use this vulnerability to browse and tamper with video surveillance records and other information, as well as steal confidential data such as credentials, IP addresses, port usage, and model of monitoring devices. The attacker can even wholly disable the monitoring device such as the camera.
The main reason for these vulnerabilities lies in video surveillance management software called “Nuuo.” This software provides customers with video surveillance systems, which are used by many airports, banks, government agencies, and residential areas. Therefore, the scope of the vulnerability is vast.
Tenable has reported the vulnerability to Nuuo Software, Inc., which is making patches. Tenable is currently introducing a plug-in that organizations can use to detect if a device is affected by Peekaboo.