CCTV?
If they were really closed circuit devices, they have no business on the open internet anyway.
Researchers have uncovered two flaws that leave more than 100,000 NUUO-powered internet-connected surveillance cameras open to remote takeover. Tenable Research on Monday laid claim to discovering two bugs in NUUO's Network Video Recorder firmware that can be exploited to covertly access a camera's video feed or simply take …
While someone might buy CCTV cameras to monitor day to day activity -- to detect shoplifting for example -- they might also buy them to monitor for vandalism, theft, etc when no one is around. That implies sending the signal to somebody who will watch for suspicious activity in the wee hours of the morning. Some of these things are probably going to be on the internet. Conceptually, there should be a properly configured firewall between the camera and a bored hacker in Budapest. But in practice a lot of them won't have firewalls at all, and some that do will have misconfigured firewalls.
What to do about that situation ... I haven't the slightest. And neither, really, does anyone else.
My thoughts exactly...
I'm still trying to determine how so many of these devices are accessible.. typically they are put on a WIFI network, which 99.999% has a NAT Firewall/Router in front of it!
So are there really so many morons that are using IP or Port forwarding to these devices? Or am I being a moron and not realising there is another avenue of attack!