Security News Digital video recorder installers master password list 'leaked' – claims

Solarquest

Moderator
Thread author
Verified
Staff Member
Malware Hunter
Well-known
Jul 22, 2014
2,525
If true, we're talking remote viewing of people's CCTV cams
Xiongmai, the vendor behind many Mirai-vulnerable DVRs, has earned the consternation of security watchers once again.

The vendor's 2017 list of superuser passwords for certain DVRs – designed only for CCTV installers to access customer installations – appears to have leaked online.

"If the creds are what we think they are, they may be enough to remotely take over certain CCTV systems," Ken Munro, a director at UK security consultancy Pen Test Partners (PTP), told El Reg. "[It's] a bit like Mirai, but the consequence is remote viewing of people's CCTV cameras."

PTP found the leaked list [PDF] on the LinkedIn page for a CCTV installer in Nigeria. This list, which covers login credentials for the rest of 2017, is essentially a one-time pad or per-day superuser password for a DVR service. One-time pads are only effective if they are shared in complete confidence and not reused.

Mikko Hyponnen, CRO of security software firm F-Secure, has since noted the same documents elsewhere on the internet.

The document references XMEye, a cloud service offered by ZY Security for remotely accessing DVR video streams. "The service only appears available to certain DVR types, which we can't find on sale outside of China," according to Munro. "[We] still haven't successfully attributed the creds, but this is yet another massive Xiongmai DVR fail."

..more in the link above...
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top