Zero day in popular video surveillance technology goes public, unpatched
Sharp-eyed researchers have spotted a critical vulnerability in numerous surveillance devices from the video management company NUUO. We’ve seen this before: In 2016, multiple critical vulnerabilities in NUUO devices were publicized in an excruciatingly public way. The latest — a buffer overflow issue — was spotted by researchers at the U.S. cybersecurity firm Tenable, which has named the bug Peekaboo. The bug allows remote code execution on video surveillance systems. That means a hacker could watch or tamper with surveillance feeds. Tenable publicly detailed the bug on its blog after having privately notified NUUO more than 90 days ago. The Maryland-based cybersecurity company’s vulnerability disclosure policy states that after 90 days, researchers will go public. NUUO, which is based in Taiwan and has offices worldwide, says a patch is in development. NUUO’s products can be found in government buildings as well as in industries including banking, retail and transportation. The company’s software works with cameras from over 100 different […]
The post Zero day in popular video surveillance technology goes public, unpatched appeared first on Cyberscoop.
Continue reading Zero day in popular video surveillance technology goes public, unpatched