According to France-based cybersecurity firm RandoriSec, IP cameras sold by a dozen vendors are vulnerable to remote assaults due to many major vulnerabilities discovered in the firmware they all share.
Researchers from RandoriSec uncovered a slew of serious and high-severity flaws in UDP Technology’s IP camera firmware, a South Korean business that specialises in digital video solutions for the security and IP surveillance industries.
Earlier this month, the cybersecurity firm published a blog post explaining its discoveries, and the US Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory warning users about the risks posed by these flaws on Tuesday.
Since 2017, RandoriSec has been discovering vulnerabilities in UDP Technology firmware. The company’s most recent investigation discovered 11 remote code execution issues and one authentication bypass vulnerability. Unauthenticated attackers can use the vulnerability to take complete control of the cameras in question.
While the flaws were discovered after a study of IP cameras provided by Geutebrück, a German video management solutions company, RandoriSec founder Davy Douhine told SecurityWeek that he is convinced that IP cameras from all other vendors who use the UDP Technology software are also susceptible.
RandoriSec identifies Ganz, Visualint, Cap, THRIVE Intelligence, Sophus, VCA, TripCorps, Sprinx Technologies, Smartec, and Riva as UDP firmware vendors in a blog post explaining its results.
According to Douhine, the authentication bypass vulnerability they discovered can be exploited to directly hack impacted IP cameras over the internet. He provided a Shodan search query with SecurityWeek that revealed over 140 internet-exposed machines, mostly in the United States and the United Kingdom.
The cybersecurity business has been developing Metasploit modules to exploit the UDP vulnerabilities; the first Metasploit modules were disclosed in an attempt to “wake up” the vendor, but it failed.
RandoriSec is now working on a post-exploitation module that may be used to freeze the targeted camera or inject arbitrary pictures, similar to what is shown in movies.
“We’re particularly proud of this last one because it appears to be the first of its sort in Metasploit,” stated Douhine in an email.
UDP Technology did not reply to RandoriSec’s notification attempts, although the company did provide updates after being notified of the vulnerabilities by Geutebruck, according to RandoriSec. Geutebruck has made the patches accessible to its customers, and the cybersecurity firm believes other impacted camera makers have received them as well, though it is unable to confirm this.