Hacking

Guardzilla Security Video System Footage exposed online

A vulnerability in the Guardzilla home video surveillance system could be exploited by users to watch Guardzilla footage of other users.

The Guardzilla All-In-One Video Security System is an indoor video surveillance solution. The flaw was discovered by the researchers Nick McClendon, Andrew Mirghassemi, Charles Dardaman, INIT_6 and Chris, from 0DayAllDay, the issue was reported to the vendor by Rapid7.

“During the 0DAYALLDAY Research Event a vulnerability was discovered (CVE-2018-5560) in the Guardzilla Security Video System Model #: GZ521W.  The vulnerability lies within the design and implementation of Amazon Simple Storage Service (S3) credentials inside the Guardzilla Security Camera firmware.” read a post published by 0dayallday.org.

“Accessing these S3 storage credentials is trivial for a moderately skilled attacker. “

The bad news is that the vendor hasn’t yet addressed the flaw.

discovered that the GZ501W camera model contains a shared, hard-coded credential for Amazon S3 backed used as a storage of footage.

“The Guardzilla IoT-enabled home video surveillance system contains a shared Amazon S3 credential used for storing saved video data. Because of this design, all users of the Guardzilla All-In-One Video Security System can access each other’s saved home video.” reads the analysis published by Rapid7.

“This issue is an instance of CWE-798: Use of Hard-coded Credentials. It has a CVSSv3 base score of 8.6, since once the password is known, any unauthenticated user can collect the data from any affected system over the internet.”

This means that any user of the Guardzilla All-In-One Video Security System could access other’s saved home video because the system uses the same password. Any unauthenticated user can collect the data from any of the systems exposed online if knowing the storage details.

“Embedded S3 credentials have unlimited access to all S3 buckets provisioned for that account,” continues the analysis. “This was determined through static analysis of the firmware shipping with the device. Once the firmware was extracted and the root password ‘GMANCIPC’ was cracked, the Amazon S3 access key was recovered.”

An attacker can connect to the Amazon S3 account and access the various buckets associated with the service by using the access keys recovered from the firmware.

Waiting for a patch, users should ensure that cloud-based data storage functions of the device are not enabled.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Guardzilla, IoT)

[adrotate banner=”5″] [adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Google's Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively…

2 hours ago

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during…

14 hours ago

INC Ransom stole 3TB of data from the National Health Service (NHS) of Scotland

The INC Ransom extortion group hacked the National Health Service (NHS) of Scotland and is threatening…

18 hours ago

CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft SharePoint vulnerability disclosed at the…

23 hours ago

The DDR Advantage: Real-Time Data Defense

This is the advantage of Data Detection and Response (DDR) for organizations aiming to build…

1 day ago

Finnish police linked APT31 to the 2021 parliament attack

The Finnish Police attributed the attack against the parliament that occurred in March 2021 to…

1 day ago

This website uses cookies.