20th November 2014
DVR insecurity has been on the cards for quite some time now. When we started developing our System 2 DVRs we looked at 13 different manufacturers and quite a lot of their products were vulnerable. Worryingly many of the firms supply DVRs to national CCTV suppliers meaning the number affected is potentially huge.
This initial vulnerability lay within the Linux software contained on the DVR. It is possible to exploit the software and access the network on which the DVR is connected.
Our System 2 and System 2.1 DVRs are not affected.
The other thing we have avoided on security grounds is UPnP, Universal Plug and Play. Whilst appealing because it potentially makes remote access to your CCTV system easy, in our opinion it leaves routers and consequently your networks vulnerable from outside attack. With our port forwarding set up we limit exposure to the outside world and protect your local network.
The website currently in the news which looks for video cameras is exploiting a weakness which mostly affects IP cameras. You can quite easily make a programme which tricks an IP camera into sending out footage.
Our DVRs don't stream raw video images in the same way. The footage is contained within a player framework. You can't trick the DVR into sending out pictures or video. It has been reported that DVRs from some other manufacturers may have potential vulnerability.
The final point to be aware of is that all the images we have seen so far exploit default user names & passwords. Other than the Linux vulnerability mentioned at the start of this article (which doesn’t affect our DVRs), as soon as you change your password you shut the door. So make sure you are not using the default password on your DVR
It's worth reminding you that there is no back door into our DVRs if you forget your password. This is a good thing as it removes a potential weakness. If you forget your password the DVR will need to come back to us.
We hope that answers some of the questions you might have following the recent News articles.