Lucian Constantin reports:
Up to 46,000 Internet-accessible digital video recorders (DVRs) that are used to monitor and record video streams from surveillance cameras in homes and businesses can easily be taken over by hackers.
According to security researchers from vulnerability intelligence firm Risk Based Security (RBS), all the devices share the same basic vulnerability: They accept a hard-coded, unchangeable password for the highest-privileged user in their software — the root account.
[…]
At the very least, a DVR that accepts root and 519070 as username and password should not be exposed directly to the Internet. If remote access is needed, this should be achieved by connecting into the local network first through a VPN. For good measure, the devices should not be available on internal network segments that allow untrusted computers either, such as public Wi-Fi.
Read more on SecurityAsia.