Hackers show you can use a common Web bug to redirect video file playback on surveillance system
Bad guys are always trying to cover their tracks, and now there's a way for them to hide from the security camera, too: A pair of U.K. researchers recently demonstrated how you can exploit cross-site-scripting (XSS) vulnerabilities in a Web-based video surveillance system's software to control what it plays back.
ProCheckUp's Amir Azam and Adrian Pastor were able to hack the Web-based AXIS 2100 camera system using several XSS bugs as well as cross-site request forgery (CSRF) flaws. They have posted a video of the hack online, according to a published report.
A couple of caveats to this: The Axis 2100 camera is no longer supported by the vendor, although it's still widely installed in many organizations, according to the researchers. They argue in their white paper that despite this, and the fact that Axis has patched some of the bugs, the flaws are likely widespread. "We need to remember that vendors reuse code all the time. This means that whenever we find vulnerabilities, these vulnerabilities might exist within other models as well."
And for the attack to work, the victim (security guard) would have to check the log files of the video system to trigger the exploit. The researchers say this could be accomplished by launching a denial-of-service attack or some sort of social engineering ploy.
— Kelly Jackson Higgins, Senior Editor, Dark Reading