Tag Archive for: surveillance

Bypassing Security: How Hackers Can Infiltrate Surveillance Cameras


Hikvision and Dahua lead the world in the production of surveillance cameras, but deficiencies have recently been discovered in their security systems.

With the help of a hacker, BBC Panorama conducted an investigation to test the security of these Chinese-made surveillance cameras, with the results being even more grim than we thought.

These two Chinese brands compose the majority of security cameras used in the UK – from houses and privately-owned properties to local councils and government-related establishments. 

Demonstrating the Infiltration

BBC Panorama recently ran an investigation regarding the reliability of these Chinese-made surveillance cameras. Through a joint effort with a hacker, BBC set up a darkened studio inside its Broadcasting House in London and acted swiftly. 

Starting with a demonstration of how these hackers can hack them, an oblivious BBC employee was the unlucky target. Even in the darkened studio, the hacker can see everything he does through the lens of a hijacked security camera. 

Personal things, such as entering his phone’s passcode, the interior of his surroundings, and everything he’s typing on the laptop. Every single action the employee takes is seen and monitored by the hacker. 

Read Also: What Is Ethical Hacking? Here’s How It Helps Make Blockchain More Secured

Risks and Caution

UK’s Biometrics and Surveillance Camera Commissioner, Professor Fraser Sampson, warned that the crucial infrastructure in the country, including access to clean food and water, transport networks, and power supplies, is vulnerable.

“All those things rely very heavily on remote surveillance – so if you have an ability to interfere with that, you can create mayhem, cheaply and remotely,” Sampson said.

Charles Parton, a fellow at Royal United Services Institute (RUSI) and a former diplomat who worked in Beijing, seemed to agree and said: “We’ve all seen the Italian Job in our youth, where you bring the whole of Turin to a halt through the traffic light system. Well, that might have been…

Source…

Netgear Routers’ Flaws Expose Users to Malware, Remote Attacks, and Surveillance


May 12, 2023Ravie LakshmananNetwork Security / Malware

Netgear

As many as five security flaws have been disclosed in Netgear RAX30 routers that could be chained to bypass authentication and achieve remote code execution.

“Successful exploits could allow attackers to monitor users’ internet activity, hijack internet connections, and redirect traffic to malicious websites or inject malware into network traffic,” Claroty security researcher Uri Katz said in a report.

Additionally, a network-adjacent threat actor could also weaponize the flaws to access and control networked smart devices like security cameras, thermostats, smart locks; tamper with router settings, and even use a compromised network to launch attacks against other devices or networks.

Cybersecurity

The list of flaws, which were demonstrated at the Pwn2Own hacking competition held at Toronto in December 2022, is as follows –

  • CVE-2023-27357 (CVSS score: 6.5) – Missing Authentication Information Disclosure Vulnerability
  • CVE-2023-27368 (CVSS score: 8.8) – Stack-based Buffer Overflow Authentication Bypass Vulnerability
  • CVE-2023-27369 (CVSS score: 8.8) – Stack-based Buffer Overflow Authentication Bypass Vulnerability
  • CVE-2023-27370 (CVSS score: 5.7) – Device Configuration Cleartext Storage Information Disclosure Vulnerability
  • CVE-2023-27367 (CVSS score: 8.0) – Command Injection Remote Code Execution Vulnerability
Netgear

A proof-of-concept (PoC) exploit chain illustrated by the industrial cybersecurity firm shows that it’s possible to string the flaws — CVE-2023-27357, CVE-2023-27369, CVE-2023-27368, CVE-2023-27370, and CVE-2023-27367 (in that order) — to extract the device serial number and ultimately obtain root access to it.

UPCOMING WEBINAR

Learn to Stop Ransomware with Real-Time Protection

Join our webinar and learn how to stop ransomware attacks in their tracks with real-time MFA and service account protection.

Save My Seat!

“These five CVEs can be chained together to compromise affected RAX30 routers, the most severe of which enable pre-authentication remote code execution on the device,” Katz noted.

Users of Netgear RAX30 routers are advised to update to firmware version 1.0.10.94 released by the networking company on April 7, 2023, to…

Source…

How US threatens global internet security through decades of cyber surveillance, attacks



Photo: VCG

Photo: VCG

Editor’s Note:

A decade has passed since the PRISM scandal was exposed by Edward Snowden and enraged the world. Under the guise of so-called “national interests,” the US government and its related intelligence agencies utilize their technological and first-mover advantages to conduct cyber surveillance and attacks around the world.

Documents leaked from the Pentagon earlier this year offered further proof that the US has extended its hand to almost every corner of the globe. What evil deeds the US has orchestrated and probably continues to do in the cyber world?  In this series, the Global Times will closely look into how this veritable “network surveillance empire” gradually damages global cyber security through its intelligence network, which has in turn severely hurt its own reputation and credibility.

 

Recently leaked Pentagon documents have once again exposed to the world the ugly face of US espionage campaigns orchestrated against other countries. While maintaining the close surveillance of both its “enemies” and allies, the US has extended its evil hand to almost every corner of the globe.

For years, the US has conducted large-scale surveillance and launched cyberattacks targeting overseas governments, companies, and individuals with its technological advantages and vast intelligence network, a severe violation of International Law and the basic norms governing international relations. Worse still, the US paints itself as the victim while perpetrating these villainous acts, by defaming other countries including China with groundless accusations. 

Last month, China’s Cybersecurity Industry Alliance (CCIA) released a report titled “Review of Cyberattacks from US Intelligence Agencies – Based on Global Cybersecurity Communities’ Analyses.”

The report details the malicious behavior of the US in conducting long-term cyberattacks and surveillance worldwide, such as attacks against key infrastructure in other countries, indiscriminate cyber theft and monitoring, and implantation of backdoor pollution standards and supply chain sources.

The report lays out evidence that reveals the true nature of the US’ role as the world’s biggest secret information stealer and “hacker…

Source…

World Insights: Unchecked surveillance empire


(Xinhua) 10:16, April 29, 2023

A huge slogan board stands in front of the U.S. Capitol building during a protest against government surveillance in Washington D.C., capital of the United States, on Oct. 26, 2013. (Xinhua/Fang Zhe)

Analysts say that cyber warfare is one of the tools used in its “hybrid warfare.” Like economic sanctions, terrorist activities, psychological warfare, and military actions, it is a means by which the United States interferes in other countries and achieves its own political goals.

BEIJING, April 28 (Xinhua) — The United States is notorious for its cyber record. Just ask the National Security Agency (NSA), which in 2013 suffered the biggest leak in its history when Edward Snowden, a former CIA contractor, walked out with a vast trove of secret documents.

Snowden disclosed to the press details of extensive internet and phone surveillance by American intelligence. As the scandal widened, multiple media outlets revealed that NSA tapped directly into the servers of internet firms to track online communication in a surveillance program known as Prism.

A decade later, it’s the Pentagon in the limelight this time. A set of highly classified documents from the department were leaked online in recent weeks, in an apparent security breach that revealed U.S. intelligence gathering on some of its key allies. South Korea, one of those affected, has played down any possibility of tension, reiterating its “strong” ties with America.

Those documents also reportedly include military assessments on the Ukraine crisis and CIA reports on a range of global issues. The embarrassing leak has endangered intelligence methods, exposed American strategy and undermined trust among U.S. allies, CNBC quoted former defense department officials and intelligence experts as saying.

SURVEILLANCE OBSESSION

For years, Washington has been spying on the world through electronic eavesdropping and communication interception, with the targets ranging from what it called “strategic competitors” to its European partners.

Anti-secrecy group WikiLeaks in 2015 released a trove of documents titled “Target Tokyo” detailing systematic mass surveillance the agency undertook of Japanese…

Source…