One of our NVRs was attacked recently using a known attack that would have compromised or destroyed an off the shelf DVR. The operating system was corrupted by the attack, but it effectively stopped the attack in its tracks. The damage was repaired in less than 45 minutes and only the software was affected.
We have learned quite a bit from the analysis of this NVR system. The attack was designed for Busybox – a version of Linux that runs many different types of embedded devices including security cameras and cheap DVR systems. The point was apparently to gain access to the system in order to use it in a distributed denial of service attack (DDoS).
We have been implementing new security rules on our NVR systems – with this system next on the list. We developed new security procedures after we posted this story from Ars Technica on our Gigastrand Facebook page. Changing default passwords is an easy and effective way to protect your system.
Many cameras also come with a proxy or Dynamic DNS service that allows easy access directly to the camera through a firewall. Gigastrand has been disabling these services on the cameras it sells. We recommend this for everyone using similar equipment.
We will soon be implementing changes that will make it easier for the end users to change default passwords on both the OS and NVR.
Anatomy of an unsuccessful NVR attack