Cybercriminals are exploiting vulnerabilities in surveillance cameras, stay alert!
Several cameras have vulnerabilities that could allow for the leakage of real-time images.
Recent research has revealed that cybercriminals are targeting surveillance cameras from various manufacturers, exploiting two zero-day vulnerabilities to take control of these devices, manipulate their transmissions, and carry out other malicious actions. Cybersecurity experts from GreyNoise detected these attacks after their AI-powered analysis tool, Sift, issued an alert regarding intrusion attempts on PTZ (pan-tilt-zoom) cameras with Network Device Interface (NDI).
The affected cameras are used in various environments, such as industrial and manufacturing plants for machinery surveillance and quality control, as well as in corporate conferences for high-definition streaming and remote presentations. Other applications include telemedicine consultations in the healthcare sector, court sessions, and live broadcasts in places of worship.
According to GreyNoise, many of the compromised devices are expensive, with some models costing thousands of dollars. The detected vulnerabilities affect the firmware of VHD PTZ cameras with versions lower than 6.3.40, specifically in devices from PTZOptics, Multicam Systems SAS, and SMTAV Corporation, which use the Hisilicon Hi3516A V600, V60, V61, and V63 system-on-chip. The vulnerabilities have been assigned the identifiers CVE-2024-8956 and CVE-2024-8957. The first has been classified as critical with a score of 9.1, while the second is considered high risk with a score of 7.2. Exploitation allows attackers to gain full control of the cameras, manipulate transmissions, and disable functions, even integrating them into botnet networks.
While security patches have already been issued for some models, others remain without a solution. For example, PTZOptics released a security update on September 17; however, some models, such as the PT20X-NDI-G2 and PT12X-NDI-G2, were already obsolete and did not receive patches. Additionally, a fix is still awaited for the PT20X-SE-NDI-G3 and PT30X-SE-NDI-G3 models.
Users are advised to consult with their manufacturers regarding the availability of fixes for the mentioned vulnerabilities, as it is highly likely that the list of affected models is more extensive than what has been determined so far.
