New research: P2P vulnerabilities show IoT security camera risks
Nozomi Networks published research about vulnerabilities found in the Peer-to-Peer (P2P) feature of a commonly used line of security cameras - Reolink. The most critical vulnerability, assigned a CVSS score of 9.1, allows attackers to access sensitive information such as audio/video streams across the internet. The second vulnerability, assigned a CVSS score 7.7, allows unauthorized users to access local users’ credentials. Nozomi’s research team coordinated disclosure with ICS-CERT, which published an advisory regarding the Reolink vulnerabilities.
Peer-to-Peer (P2P), in the context of security cameras, refers to functionality that allows a client to access audio/video streams transparently through the internet. The video data is available from the cameras or accessed through NVRs. P2P is used by Reolink and several other security camera vendors, so for the many operators of CCTV cameras with this feature, it’s important to understand the security risks.