Craig Heffner, now a vulnerability researcher with Tactical Network Solutions (the company behind the Reaver WiFi cracking tool) says he found the vulnerabilities while working as a software developer with the National Security Administration, reports Reuters. It is not clear from the report whether ‘Administration’ is synonymous with ‘Agency’ or refers to wider national security organizations, such as the DHS. However, if it is indeed the National Security Agency, it can be assumed that the NSA is also aware of these vulnerabilities.
What Heffner discovered is that widely used surveillance cameras from firms including Cisco Systems Inc, D-Link Corp and TRENDnet contain undisclosed bugs that make them susceptible to hacking. "It's a significant threat," he said. “Somebody could potentially access a camera and view it. Or they could also use it as a pivot point, an initial foothold, to get into the network and start attacking internal systems.”
The public has grown accustomed to knowing that surveillance cameras are used by law enforcement agencies and local government to keep them safe from criminals and terrorists, but it is a new twist to think that the same cameras could be used by criminals to keep them safe from the police. Heffner pointed out that he could even freeze the image from the camera, like a scene straight out of Hollywood, to allow infiltrators to pass unnoticed.
He told Reuters that he had not discussed the vulnerabilities with the vendors, but would reveal all at Black Hat, Las Vegas. “Cisco, D-Link and TRENDnet said they would take any appropriate action that might be needed to secure their equipment after the Black Hat presentation,” reported Reuters.
That there are – allegedly, at this point – vulnerabilities in the cameras will come as no surprise to security experts. Any device with an IP address can be probed and potentially breached remotely. Indeed, someLuser found vulnerabilities in about 20 security camera solutions earlier this year. His claims were investigated by Rapid7 who found they could access the device configuration and gain cleartext usernames and passwords.