SecurityWeek

GreyNoise Credits AI for Spotting Exploit Attempts on IoT Livestream Cams

GreyNoise Intelligence says an internal AI tool captured attempts to exploit critical vulnerabilities in commercial livestream IoT cameras.

Cybersecurity firm GreyNoise Intelligence is crediting an AI-powered tool for capturing attempts to exploit critical vulnerabilities in live streaming IoT cameras widely deployed at healthcare, industrial operations and government facilities. 

GreyNoise said it detected two distinct vulnerabilities — CVE-2024-8956 and CVE-2024-8957 — after an exploit attempt on its Sift automated threat-hunting honeypot system. 

“An attacker had developed and automated a zero-day vulnerability exploit, using a broad-spectrum reconnaissance and targeting strategy to run it across the internet,” GreyNoise said in a security bulletin.

The company said the exploit instead hit its global sensor network, where an internal AI technology flagged the unusual activity. “Upon further investigation, GreyNoise researchers discovered the zero-day vulnerabilities. Once exploited, attackers could potentially seize complete control of the cameras, view and/or manipulate video feeds, disable camera operations, and enlist the devices into a botnet to launch denial-of-service attacks.”

The more severe of the two vulnerabilities (CVE-2024-8956) carries a CVSS score of 9.1 out of 10 and allows an attacker to access sensitive information like usernames, MD5 password hashes, and configuration data.

The second bug is rated CVSS 7.2/10 and can be chained with CVE-2024-8956 to execute arbitrary OS commands on the affected cameras, potentially allowing an attacker to seize full control of the system, GreyNoise said.

The company warned that the vulnerabilities impact NDI-enabled pan-tilt-zoom (PTZ) cameras from multiple manufacturers. Affected devices run VHD PTZ camera firmware versions below 6.3.40, used in devices from PTZOptics, Multicam Systems SAS, and SMTAV Corporation.

GreyNoise noted that these cameras typically feature an embedded web server for direct browser access, and are commonly deployed in high-security environments like industrial sites, healthcare facilities, and government institutions.

GreyNoise founder and chief architect Andrew Morris raved about the value of AI-powered technology to help flag this threat. “This isn’t about the specific software or how many people use it — it’s about how AI helped us catch a zero-day exploit we might have missed otherwise,” Morris said.

“We caught it before it could be widely exploited, reported it, and got it patched. The attacker put a lot of effort into developing and automating this exploit, and they hit our sensors. Today it’s a camera, but tomorrow it could be a zero-day in critical enterprise software,” he added.

Written By

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.
