Millions of CCTV cameras and other IoT devices have been found to be vulnerable to hacking attacks using several security bugs, including the one tracked in the CVE-2019-11219 advisory. A large majority of them are controlled by the CamHi application. Such devices are overwhelmingly used across Europe and the UK.
CVE-2019-11219 and CVE-2019-11220 Used To Hack Vulnerable CCTV Devices
A range of new dangerous vulnerabilities has been detected in CCTV cameras and other IoT devices. According to the newest research, millions of devices are affected across Europe, Asia and the UK, and CCTV cameras make up the biggest percentage of them across all device types. According to recent security reports, the estimated number of vulnerable devices is around 3.5 million. Brand manufacturers that are confirmed to have vulnerable devices include the following:
Alptop, Besdersec, COOAU, CPVAN, Ctronics, Dericam, Jennov, LEFTEK, Luowice, QZT, and Tenvis
The problem lies within the peer-to-peer connectivity feature which is used to control the remote connection from the devices to the users. The security advisories that reveal further information about the issues are the following:
- CVE-2019-11219 — The algorithm used to generate device IDs (UIDs) for devices that utilize Shenzhen Yunni Technology iLnkP2P suffers from a predictability flaw that allows remote attackers to establish direct connections to arbitrary devices.
- CVE-2019-11220 — An authentication flaw in Shenzhen Yunni Technology iLnkP2P allows remote attackers to actively intercept user-to-device traffic in cleartext, including video streams and device credentials.
If Hackers Exploit The CVE-2019-11219 Vulnerability What Can Happen?
The information shows that the issue affects all devices manufactured to include the P2P feature that the Shenzhen Yunni Technology company has developed. Effectively, the victim devices can be easily identified using digital fingerprint scanner software and intruded into. The vulnerability allows the hackers to bypass the firewall security features and gain access to the administrative user passwords. This allows them to log in to the devices and take over control of them.
One of the most dangerous factors surrounding this particular attack is that millions of devices are affected. As most of them are CCTV cameras which have been penetrated behind internal networks, they allow the hackers to view live footage of secure zones. This means that the criminals can potentially gain information on company secrets and the private lives of people or company employees. Many of the installed cameras also include built-in microphones, which further adds to the possibility of hijacking private information.
The infected IoT devices can also be recruited to a worldwide botnet, which can result in the target devices being used to coordinate large-scale sabotage operations.
The company that is producing the cameras and the software developers of the CamHi application are now working on updates that should fix the problem. In the meantime we recommend that owners change the default passwords and monitor for any unusual network connections or changed settings. Get in touch with the manufacturer and follow their “News” sections and update as soon as new software is released!
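One way to act on the advice to monitor for unusual network connections, as an added example that is not from the article or from any vendor: a short Python check over flow records that reports camera traffic to anything other than the hosts the cameras are expected to reach. The camera inventory, the local network, the NVR address, the log format and the sample records are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumptions for this example (not from the article): camera inventory,
# the local camera network, and the only hosts cameras should contact.
CAMERAS = {"192.168.10.21", "192.168.10.22"}
LOCAL_NET = ipaddress.ip_network("192.168.10.0/24")
EXPECTED = {"192.168.10.5"}  # hypothetical local NVR

# Constructed flow records: timestamp, source, destination, protocol, port.
SAMPLE_FLOWS = """\
2019-05-02T10:00:01 192.168.10.21 192.168.10.5 tcp 554
2019-05-02T10:00:07 192.168.10.21 203.0.113.40 udp 40001
2019-05-02T10:00:09 192.168.10.21 203.0.113.40 udp 40001
2019-05-02T10:01:30 192.168.10.22 192.168.10.5 tcp 554
2019-05-02T10:02:11 192.168.10.22 192.168.10.77 tcp 23
2019-05-02T10:03:00 192.168.10.90 198.51.100.9 tcp 443
not a flow line
"""

def parse_flow(line):
    """Return (src, dst, proto, port), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 5:
        return None
    _, src, dst, proto, port = parts
    try:
        ipaddress.ip_address(src)
        ipaddress.ip_address(dst)
        return src, dst, proto.lower(), int(port)
    except ValueError:
        return None

def unusual_camera_flows(text):
    """Map camera IP -> {(kind, dst, proto, port): count} for unexpected flows."""
    findings = defaultdict(lambda: defaultdict(int))
    for line in text.splitlines():
        flow = parse_flow(line)
        # Ignore bad lines, non-camera sources, and expected destinations.
        if flow is None or flow[0] not in CAMERAS or flow[1] in EXPECTED:
            continue
        src, dst, proto, port = flow
        kind = "local-unexpected" if ipaddress.ip_address(dst) in LOCAL_NET else "external"
        findings[src][(kind, dst, proto, port)] += 1
    return {cam: dict(hits) for cam, hits in findings.items()}

if __name__ == "__main__":
    for cam, hits in sorted(unusual_camera_flows(SAMPLE_FLOWS).items()):
        for (kind, dst, proto, port), n in sorted(hits.items()):
            print(f"{cam} -> {dst} {proto}/{port} [{kind}] x{n}")
```

Outbound UDP from a camera to an address outside the local network is the pattern a P2P relay feature produces, so "external" findings on a network where remote viewing is not wanted are worth blocking at the firewall.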