Watching the watchers. IoT vulnerabilities exposed by AI. [Research Saturday]

CyberWire Daily

N2K Networks, Inc.

News, Daily News, Tech News, Technology

4.8 • 1.1K Ratings

🗓️ 14 December 2024

⏱️ 19 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

This week, we are joined by Andrew Morris, Founder and CTO of GreyNoise, to discuss their work on "GreyNoise Intelligence Discovers Zero-Day Vulnerabilities in Live Streaming Cameras with the Help of AI." GreyNoise discovered two critical zero-day vulnerabilities in IoT-connected live streaming cameras, used in sensitive environments like healthcare and industrial operations, by leveraging its AI-powered detection system, Sift. The vulnerabilities, CVE-2024-8956 (insufficient authentication) and CVE-2024-8957 (OS command injection), could allow attackers to take full control of affected devices, manipulate video feeds, or integrate them into botnets for broader attacks. This breakthrough underscores the transformative role of AI in identifying threats that traditional systems might miss, highlighting the urgent need for robust cybersecurity measures in the expanding IoT landscape. The research can be found here: GreyNoise Intelligence Discovers Zero-Day Vulnerabilities in Live Streaming Cameras with the Help of AI Learn more about your ad choices. Visit megaphone.fm/adchoices

Transcript

Click on a timestamp to play from that location

0:00.0	You're listening to the Cyberwire Network, powered by N2K.
0:09.7	Quick question. Do your end users always, and I mean always, without exception,
0:18.8	work on company-owned devices and IT-approved apps.
0:22.4	I didn't think so.
0:24.2	So my next question is, how do you keep your company's data safe when it's sitting on all
0:29.1	those unmanaged apps and devices?
0:31.8	OnePassword has an answer to this question, extended access management.
0:36.7	One-Password, extended access management helps you secure
0:40.2	every sign-in for every app on every device, because it solves the problems traditional IAM and
0:46.8	MDM can't touch. And it's now available to companies with Octa and Microsoft Entra and in beta for
0:54.1	Google Workspace customers.
0:56.3	Check it out at OnePassword.com slash Cyberwire.
1:00.1	That's OnePassword.com slash Cyberwire.
1:03.5	Thank you. Yeah, so they were targeting Pan-Tilt Zoom IP cameras.
1:22.4	It's actually almost impossible to say exactly what model of pan tilt zoom camera they were targeting.
1:29.0	And these vulnerabilities allow an attacker to completely compromise an IP camera,
1:34.0	gain access to the device, pivot throughout it to the rest of the network,
1:39.0	establish persistence, or, you know, overwrite or insert or remove any kind of recorded media that might be stored on the device.
1:52.8	That's Andrew Morris, founder and chief technology officer at Grey Noise.
1:57.9	The research we're discussing today is titled,
2:00.0	Gray Noise Intelligence discovers
2:01.7	zero-day vulnerabilities in live streaming cameras with the help of AI.
	...

Please login to see the full transcript.

Previous episode | Next episode

Disclaimer: The podcast and artwork embedded on this page are from N2K Networks, Inc., and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of N2K Networks, Inc. and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.