Thought Leadership
Researchers from the cyber security team Team82 have discovered serious vulnerabilities in Axis Communications products. In combination, these vulnerabilities not only allow attackers to watch live broadcasts, but also to switch off cameras and execute malicious code. Axis has now released updates and urges users to install them quickly.
Four flaws with a fatal effect
The experts at Team82, the research department of cyber-physical security specialist Claroty, discovered four vulnerabilities in the video surveillance solutions of Swedish manufacturer Axis Communications during an analysis. If these are exploited, attackers can gain access to the internal network, take control of connected cameras and manipulate video transmissions at will. In addition to intercepting and monitoring feeds, it is also possible to completely switch off individual or all cameras. Particularly critical: malicious code can be executed directly on the devices.
Danger for sensitive facilities
Digital video surveillance is an integral part of modern building security. Whether in companies, airports, schools or public buildings – cameras are omnipresent. However, like any networked infrastructure, they are also potentially vulnerable. Recently, international security authorities have warned of targeted hacker attacks in which surveillance systems were compromised. In the current investigation, the researchers took a closer look at the Axis Device Manager and the Axis Camera Station. The Device Manager serves as the central administration for all cameras, while the Camera Station grants direct access to the live feeds. Cyber criminals could use the flaws found to take over both completely.
Thousands of systems exposed worldwide
Using tools such as Censys and Shodan, the researchers identified numerous exposed Axis devices that are connected to the internet without additional protection. These include systems in companies, government agencies, hospitals and educational institutions. In Germany alone, 360 servers with activated and vulnerable Axis remoting services were found. Such information is an ideal starting point for attackers to target specific institutions.
Manufacturer reacts quickly
Axis Communications released patches and updates promptly after the vulnerabilities became known. Users of the affected products – including AXIS Camera Station Pro, AXIS Camera Station 5 and AXIS Device Manager – should urgently install them to prevent abuse of the vulnerabilities. The company thanked Team82 for the quick and responsible disclosure of the findings.
Further information, background and technical details can be found in Claroty’s blog post.
(vp/Claroty)
