A security vulnerability has been found in Dahua’s Open Network Video Interface Forum (ONVIF) standard implementation, which can lead to seizing control of IP cameras. The bug identified by Nozomi Networks resides in the WS-UsernameToken authentication mechanism implemented in certain IP cameras developed by Dahua, allowing attackers to compromise the cameras by replaying the credentials.
The vulnerability could be abused by attackers to compromise network cameras by sniffing a previous unencrypted ONVIF interaction and replaying the credentials in a new request towards the camera.
The issue impacts the Dahua ASI7XXX: Versions prior to v1.000.0000009.0.R.220620, Dahua IPC-HDBW2XXX: Versions prior to v2.820.0000000.48.R.220614 and Dahua IPC-HX2XXX: Versions prior to v2.820.0000000.48.R.220614.
The researchers said, “Threat actors, nation-state threat groups in particular, could be interested in hacking IP cameras to help gather intel on the equipment or production processes of the target company. This information could aid in reconnaissance conducted prior to launching a cyberattack. With more knowledge of the target environment, threat actors could craft custom attacks that can physically disrupt production processes in critical infrastructure.”
ONVIF governs the development and use of an open standard for how IP-based physical security products such as video surveillance cameras and access control systems can communicate with one another in a vendor-agnostic manner.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.
