Hackers show you can use a common Web bug to redirect video file playback on a surveillance system
Bad guys are always trying to cover their tracks, and now there's a way for them to hide from the security camera, too: A pair of U.K. researchers recently demonstrated how you can exploit cross-site-scripting (XSS) vulnerabilities in a Web-based video surveillance system's software to control what it plays back.
ProCheckUp's Amir Azam and Adrian Pastor were able to hack the Web-based AXIS 2100 camera system using several XSS bugs as well as cross-site request forgery (CSRF) flaws. They have posted a video of the hack online, according to a published report.
A couple of caveats to this: The Axis 2100 camera is no longer supported by the vendor, although it's still widely installed in many organizations, according to the researchers. They argue in their white paper that despite this, and the fact that Axis has patched some of the bugs, the flaws are likely widespread. "We need to remember that vendors reuse code all the time. This means that whenever we find vulnerabilities, these vulnerabilities might exist within other models as well."
And for the attack to work, the victim (security guard) would have to check the log files of the video system to trigger the exploit. The researchers say the guard could be prompted to do that by a denial-of-service attack or some sort of social engineering ploy.
— Kelly Jackson Higgins, Senior Editor, Dark Reading