Posted on May 3, 2023 at 6:09 PM
Hackers exploit a five-year-old vulnerability in TBK DVR camera
Hackers have exploited a five-year-old vulnerability in the TBK DVR camera system. The vulnerability is tracked as CVE-2018-9995, and it was exploited in the wild in April 2023, according to a report by security researchers at Fortinet.
Hackers exploit a high-severity bug in TBK DVR camera
The high-severity vulnerability detected by the Fortinet researchers stems from an error that the camera experiences when responding to a maliciously crafted HTTP cookie.
A remote attacker might exploit this flaw to bypass authentication and gain administrative privileges, which might result in an unauthorized individual gaining access to the camera's video feeds.
Fortinet published an Outbreak Alert on this vulnerability. In the alert, the team noted a significant increase in hacking attempts on these devices, based on unique intrusion prevention system (IPS) detections. The researchers recorded over 50,000 attempts targeting these devices last month.
Fortinet uses these Outbreak Alerts to issue warnings to the entire cybersecurity industry. The warnings relate to events that might significantly affect the overall functioning of an organization. They are meant to ensure that affected parties remain vigilant and implement measures that minimize the damage threat actors can cause.
In most cases, such an alert is sent after the vendor has been notified of the vulnerability and has already released a patch to fix it. In this case, however, Fortinet released the alert because no patch is available, even though the vulnerability was first detected in 2018. Users of these devices have therefore remained vulnerable to exploitation for over five years.
The firm has also said it has not been notified of any patch that addresses this vulnerability. “We are not aware of any patches provided by the vendor and recommend organizations to review installed models of CCTV camera systems and related equipment for vulnerable models,” the company said.
“With tens of thousands of TBK DVRs available under different brands, publicly-available PoC code, and an easy-to-exploit makes this vulnerability an easy target for attackers. The recent spike in IPS detections shows that network camera devices remain a popular target for attackers,” the report said.
FortiGuard Labs said it is unaware of any patch released by the vendor. It has therefore urged all organizations that use these CCTV camera systems and related equipment to review them for vulnerable models.
A wide range of users are vulnerable to the exploit
The TBK DVR website also said 600,000 cameras, 50,000 CCTV recorders, and 300,000 accessories have been installed worldwide. These cameras have been installed across various organizations, such as retail, banking, and government institutions, among other sectors.
The number of institutions affected by this vulnerability shows how wide the attack surface is. It also raises the likelihood that threat actors will turn to some of these organizations to launch attacks, which might trigger widespread incidents that cripple some of them.
The alert also said tens of thousands of TBK DVRs are currently available and in use. These devices are sold under different brands, and proof-of-concept (PoC) code for the vulnerability is publicly available. The flaw is also easy to exploit, which makes it an easy target for threat actors.
The alert further said that the recent increase in IPS detections shows that network camera devices have remained a popular target for hackers. Organizations should therefore be on the lookout for internet-facing devices such as cameras. When organizations apply patches, however, they often overlook these devices, leaving them vulnerable to exploits.
John Bambenek, Principal Threat Hunter at Netenrich, commented on this development, saying that the first step in protecting devices, especially those connected to the internet, was to install patches or firmware updates. In most cases, manufacturers set these devices to auto-update by default, ensuring that the devices are updated any time a patch is released.
The advisory published by Fortinet also comes amid a shift in video privacy trends and challenges. An analysis conducted by the CEO of Pimloc has also looked into the new trends in the industry and the risks posed by these trends.