Please ensure Javascript is enabled for purposes of website accessibility

Tenable finds ‘Peekaboo’ vulnerability in surveillance software

Tenable's current headquarters is on Columbia Gateway Drive. (Tenable photo)

Tenable’s current headquarters is on Columbia Gateway Drive. (Tenable photo)

A Maryland cybersecurity company said it found a vulnerability in surveillance software that could allow criminals to spy on and alter video surveillance feeds.

Tenable Inc., of Columbia, announced Monday that its research team found the exploit, which it called “Peekaboo”, in some versions of software on the NVRMini2, is a network-attached storage device and network video recorder made by NUUO.

Cybercriminals using the exploit could learn the access credentials for all video surveillance cameras attached to the affected video recorder, Tenable said in a news release.

The company said it informed NUUO of the vulnerability in accordance with its published policy. NUUO told Tenable it is working on a fix for the vulnerability, the company said.

Tenable has released a plugin to assess whether organizations are vulnerable to Peekaboo.

To purchase a reprint of this article, contact [email protected].