GreyNoise Intelligence Discovers Zero-Day Vulnerabilities in Live Streaming Cameras with the Help of AI
In a groundbreaking development, GreyNoise Intelligence has unveiled previously unknown zero-day vulnerabilities in IoT-connected live streaming cameras. Leveraging their proprietary AI-driven technology, GreyNoise identified and mitigated the vulnerabilities before attackers could exploit them on a large scale. This discovery underscores the critical role of AI in addressing the growing challenges of cybersecurity.
12/14/2024


The Discovery
GreyNoise’s honeypot system detected an automated exploit targeting live streaming cameras. The exploit was leveraging zero-day vulnerabilities, previously unknown to manufacturers and security experts. Once the malicious activity was flagged, GreyNoise researchers identified two critical vulnerabilities:
1. CVE-2024-8956: Insufficient Authentication (CVSS 9.1 - Critical)
   - Allowed attackers to access sensitive information, including usernames, MD5 password hashes, and configuration data.
2. CVE-2024-8957: OS Command Injection (CVSS 7.2 - High)
   - Enabled attackers to execute arbitrary OS commands, potentially resulting in full system takeover.
Why It Matters
These vulnerabilities impact NDI-enabled pan-tilt-zoom (PTZ) cameras widely used across industries, including:
- Industrial Operations: Monitoring machinery and ensuring quality control.
- Healthcare: Supporting telehealth consultations and live surgical streams.
- Government and Legal Environments: Ensuring security in courtrooms.
- Houses of Worship: Streaming religious services.
The implications are severe. Exploiting these vulnerabilities could allow attackers to:
- Seize Full Camera Control: Access video feeds, manipulate footage, or disable operations.
- Launch Botnet Attacks: Enlist compromised cameras for large-scale denial-of-service (DDoS) attacks.
- Compromise Networks: Extract network details for lateral movement into sensitive systems.
How AI Made the Difference
Traditional threat detection tools often struggle to differentiate between routine internet activity and genuine threats. GreyNoise’s AI-powered system, Sift, was instrumental in identifying these vulnerabilities.
Sift’s Capabilities:
- Uses large language models (LLMs) trained on global internet traffic.
- Identifies anomalies missed by conventional tools.
- Filters out benign traffic, allowing researchers to focus on real threats.
According to Andrew Morris, Founder of GreyNoise Intelligence, “AI is becoming essential for detecting and stopping sophisticated threats at scale. This discovery proves that a blend of AI and human expertise is the future of cybersecurity.”
Collaborative Response and Mitigation
GreyNoise worked with VulnCheck to responsibly disclose the vulnerabilities, tracked as CVE-2024-8956 and CVE-2024-8957, to affected manufacturers. PTZOptics has released firmware updates addressing these flaws, but other manufacturers have yet to respond.
Steps to Protect Your Systems
If your organization uses VHD PTZ camera firmware < 6.3.40 from PTZOptics, Multicam Systems SAS, or SMTAV Corporation, it’s essential to:
- Update Firmware: Apply patches provided by PTZOptics or other vendors.
- Monitor Traffic: Use AI-driven tools to detect anomalies in network traffic.
- Limit Exposure: Restrict direct internet access to critical IoT devices.
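To apply the first and third steps across a fleet, the following added example (not code from GreyNoise, VulnCheck, or any vendor) triages a camera inventory against the 6.3.40 threshold and lists internet-facing devices first. The CSV columns, device names, and firmware string formats are assumptions constructed for illustration.

```python
import csv
import io
import re

# From the article: affected vendors and the firmware threshold (< 6.3.40).
AFFECTED_VENDORS = {"ptzoptics", "multicam systems sas", "smtav corporation"}
FIXED = (6, 3, 40)

# Constructed sample inventory. Column names and version string formats
# are assumptions, not the vendors' actual formats.
SAMPLE_INVENTORY = """name,vendor,firmware,internet_facing
lobby-cam,PTZOptics,6.3.40,no
court-cam,PTZOptics,V6.3.5,no
or-cam,SMTAV Corporation,6.2.81,yes
studio-cam,Multicam Systems SAS,unknown,no
door-cam,ExampleVendor,1.0.2,yes
"""

def parse_version(text):
    """Return a numeric tuple such as (6, 3, 5), or None if unparseable."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    return tuple(int(p) for p in m.groups()) if m else None

def triage(inventory_csv):
    """Return (name, reason, internet_facing) for cameras needing action."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["vendor"].strip().lower() not in AFFECTED_VENDORS:
            continue  # vendor not named in the advisory
        version = parse_version(row["firmware"])
        if version is None:
            # Never treat an unreadable version as patched.
            reason = "firmware version unknown, verify manually"
        elif version < FIXED:
            # Numeric tuple compare: (6, 3, 5) < (6, 3, 40), whereas the
            # string "6.3.5" sorts after "6.3.40" and would look patched.
            reason = "firmware below 6.3.40, update"
        else:
            continue
        exposed = row["internet_facing"].strip().lower() == "yes"
        findings.append((row["name"], reason, exposed))
    # Internet-facing devices first: restrict their exposure and patch them first.
    return sorted(findings, key=lambda f: not f[2])

if __name__ == "__main__":
    for name, reason, exposed in triage(SAMPLE_INVENTORY):
        print(f"{name}: {reason}{' [internet-facing]' if exposed else ''}")
```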
The Bigger Picture
This discovery highlights the broader challenges of securing IoT devices in an ever-expanding digital landscape. With nearly 19 billion IoT devices in use worldwide, the need for advanced threat detection systems has never been more urgent. GreyNoise’s success demonstrates the transformative potential of AI in safeguarding critical infrastructure against emerging threats.