The hacking tool named “getDVR_Credentials” developed by an Argentinian cybersecurity white hat researcher Ezequiel Fernandez in the year 2018 has the potentialities of hacking the DVRs and their video feeds. This potential tool has established the fact that the cyber attackers have accessed the vulnerabilities in the functioning of DVRs and the possibilities of incidents of various video feed as well as the dvrhackedin the past by the hackers.In the beginning, Fernandes claimed that the tool getDVR_Credentials has all the potentialities to exploit the DVR vulnerability of CVE-2018-9995 and ultimately allow the hackers access to the devices especially the DVR manufactured by TBK and their video feeds. But soon Fernandez expanded the list of devices that had vulnerabilities and reported a long list of devices manufactured by other vendors particularly the revised versions of DVR 4216 series and TBK DVR4104.
Over the period, Fernandez published a long list of 55000 DVRs and another 10000 devices with the same vulnerability and available online for the consumers. Fernandez later published a screenshot of the list of devices which he had gained access by using his tool through leveraging CVE-2018-9995. The screenshot showed that Fernandez has full access and control over the command as well as live video feeds of the devices. However, these types of leverages of live video feeds from several hacked DVRs and other cameras were published in the past, the tool used by Fernandez and the screenshot published to show gaining access and control over the devices meant a lot in terms of cybersecurity as well as security breach particularly through DVRs and other similar devices.
The claim of Fernandez further was confirmed by other white hat hackers who assessed the tool and verified that the script worked smoothly as claimed by Fernandez. Among many white hat researchers, a principal researcher from NewSky Security which has specialization for IoT security produced a list of devices which can be exploited along with critical questions of how to attack and who to attack.
Initially, Fernandez was afraid that his blog might be misquoted or misunderstood because of his poor spanish to English , but ultimately the CVE-2018-9995 was never popular. Over the period, there were reports about the hacking of IP security cameras manufactured by GoAhead which were sold non-branded to a lot of other companies.Therefore, with thousands of TBK DVRs available in the market with available PoC code, the CVE-2018-9995 will definitely become the most exploited and scanned security bugs in the times to come.
