Researchers: Surveillance System DVRs Vulnerable To Attack
Almost a year after finding exploitable vulnerabilities with TrendNet security systems, a team of researchers has returned to find the digital video recorders used by surveillance systems are also vulnerable to attack.
According to Console Cowboys, security systems marketed under the names Swann, Lorex, Night Owl, Zmodo, URMET, kguard security, among other brands, are vulnerable to attack. They noted that the DVR they tested used telnet, but that (fortunately) the login was rather hard to acquire -- so they simply opened up the case and used its serial port to find the root password for the device. In a blog the researchers detail the step by step process they used to get inside the device. They also include python scripts.
Bottom line, the researchers warn that "A whole slew of security dvr devices are vulnerable to an unauthenticated login disclosure and unauthenticated command injection."