According to Fortinet security researchers, a five-year-old vulnerability in TBK’s DVR camera system (CVE-2018-9995) was exploited in the wild in April 2023.
The high-severity flaw stems from an error in how the camera handles a maliciously crafted HTTP cookie. A remote attacker can exploit this flaw to bypass authentication and gain administrative privileges, eventually leading to access to the camera’s video feeds.
In an outbreak alert published on Monday, the Fortinet team explained that it had noticed an increase of more than 50,000 attack attempts on these devices, measured as unique IPS (intrusion prevention system) detections, last month. The company uses this type of advisory to warn the broader cybersecurity industry about events that could have significant ramifications and affect multiple organizations.
In this case, the alert was issued because, although the vulnerability was first discovered in 2018, a patch may not yet be available for it.
“We are not aware of any vendor-provided patches and recommend that organizations review installed models of CCTV camera systems and related equipment for vulnerable models,” the firm wrote.
In addition, according to TBK’s website, there are currently 600,000 cameras, 50,000 CCTV recorders and 300,000 accessories installed worldwide in banking, commercial, government and other sectors, making the attack surface of the vulnerability particularly wide.
“With tens of thousands of TBK DVRs available under different brands, publicly available PoC [proof of concept] code and an easy exploit make this vulnerability an easy target for attackers,” the alert reads. “The recent increase in IPS detections shows that network camera devices remain a popular target for attackers.”
Organizations need to protect Internet-connected devices like cameras, but often overlook them in their patching processes.
“The first step to securing almost any device, especially Internet-facing ones, is to apply patches (or firmware updates). Ideally, manufacturers would set these devices to automatically update by default,” commented John Bambenek, Principal Threat Hunter at Netenrich.
Fortinet’s warning comes amid a shift in video privacy trends and challenges. This analysis by Pimloc CEO Simon Randall delves into these new trends.
Ikaroa is closely following the news of a recent security issue with the TBK DVR Camera System. Hackers recently discovered a high-severity flaw in the system, allowing them to gain remote access to connected surveillance cameras. This could potentially enable access to sensitive information, making it necessary for those who use the system to immediately update the network and security protocols.
Ikaroa strongly recommends that any customers or IoT device users of the TBK DVR Camera System immediately update their network and security protocols to the latest version and review their security strategies to ensure that systems like this one remain secure. Additional measures, such as requiring two-factor authentication and/or passwords for access to the cameras, as well as performing regular system audits and assessments, are also important steps to help protect these systems from malicious actors.
It is also very important that IoT device users take the necessary precautions while enabling remote access. For example, only allow access if needed, review system logs regularly, and disable services that may not be required. This can help protect your devices from malicious activity or intrusion.
The malware campaigns related to this high-severity flaw have led to rapid adoption of additional security measures. This incident is yet another reminder of why it is so important to properly secure our systems and devices. At Ikaroa, we specialize in providing innovative tech solutions which are designed to keep companies’ data secure and their systems up to date. We are confident that we can help you protect your business from these threats and more.