Digital Video Recorders (DVRs)

The near ubiquitous set-top boxes, which people use in their homes to record TVs shows, have become another favorite target for attackers. Compromised DVRs have been linked to recent massive DDoS attacks, and researchers have warned of attackers creating large botnets of such devices for use in various malicious ways.

As with home routers, DVRs often ship with poor- to nearly nonexistent security controls. Many are connected to the Internet with hard-coded or default passwords and usernames. Often DVRs from multiple manufacturers integrate components from the same supplier. As a result, a security flaw in one product is likely to exist in another vendor's product as well.

Security vendor Flashpoint recently analyzed malicious code that was used in DDoS attacks involving IoT devices. The company discovered that a large number of DVRs being exploited by the malware were preloaded with management software from a single vendor. The supplier sold DVR, network video recorder (NVR), and IP camera boards to numerous vendors who then used the parts in their own products. Flashpoint estimated that more than 500,000 network-connected DVRs, NVRs, and IP cameras were vulnerable to the attack code because of a vulnerable component from a single vendor.

Image Source: Zealot via Shutterstock