Case Studies

By sensorcomb

How Big Data Helps to Identify AVTECH Security Flaws

Our ProActive System monitors hundreds of different brands/models of CCTV equipment daily to track their operating status.

During the past 2 weeks, we were gradually alerted to multiple remote viewing failures on multiple CCTV systems under our ProActive Monitoring system.

These failures happened with different customers on different ISPs.

The ProActive System was able to analyse the failures captured and isolated them to a single brand, AVTECH.

The AVTECH systems detected as having issues are multiple systems installed over the course of the last 6 years, with different models, different firmware and different installation dates. The systems are installed on multiple sites with different network setups, internet routers and ISPs.

With this information captured, our engineers were able to narrow the issue down to security flaws in the AVTECH firmware being exploited. Checks with TrendMicro traced the issues to the malware ELF_IMEIJ, which specifically targets AVTECH surveillance equipment.
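The isolation step described above (failures spread across ISPs, models and firmware, yet concentrated in one brand) can be sketched as follows. This is an added example, not the ProActive system's code; apart from the AVTECH brand name, the fleet rows, field names and the `rank_common_factors` function are constructed for illustration.

```python
from collections import Counter

# Constructed fleet snapshot (not real customer data): one row per monitored DVR.
FLEET = [
    # (brand, model, firmware, isp, remote_view_failed)
    ("AVTECH", "model-A", "fw-1", "isp-1", True),
    ("AVTECH", "model-B", "fw-2", "isp-2", True),
    ("AVTECH", "model-C", "fw-3", "isp-3", True),
    ("AVTECH", "model-A", "fw-2", "isp-2", False),
    ("brand-X", "model-D", "fw-4", "isp-1", False),
    ("brand-X", "model-D", "fw-4", "isp-2", False),
    ("brand-Y", "model-E", "fw-5", "isp-3", False),
    ("brand-Y", "model-F", "fw-6", "isp-1", False),
]
FIELDS = ("brand", "model", "firmware", "isp")


def rank_common_factors(fleet, min_coverage=0.8):
    """Rank (field, value) pairs by how well they explain the failures.

    coverage = share of all failures carrying that value
    rate     = failure rate among devices carrying that value
    A shared cause shows high coverage AND a rate above the fleet-wide rate.
    """
    total_failed = sum(1 for row in fleet if row[-1])
    if total_failed == 0:
        return []
    fleet_rate = total_failed / len(fleet)
    seen, failed = Counter(), Counter()
    for row in fleet:
        for field, value in zip(FIELDS, row):
            seen[(field, value)] += 1
            if row[-1]:
                failed[(field, value)] += 1
    ranked = []
    for key, n_failed in failed.items():
        coverage = n_failed / total_failed
        rate = n_failed / seen[key]
        if coverage >= min_coverage and rate > fleet_rate:
            ranked.append((key[0], key[1], round(coverage, 2), round(rate, 2)))
    return sorted(ranked, key=lambda r: (r[2], r[3]), reverse=True)


if __name__ == "__main__":
    for field, value, coverage, rate in rank_common_factors(FLEET):
        print(f"{field}={value}: covers {coverage:.0%} of failures, fails at {rate:.0%}")
```

On the constructed data only the brand survives the filter: every ISP, model and firmware value accounts for just a third of the failures.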

As such, we were able to send out a high-priority email alert to all customers on our mailing list advising them on steps to take to prevent their systems from being infected, guides to removing the infected firmware, and how to prevent further attacks. Alternatives were also presented to customers whose equipment the manufacturer no longer releases firmware patches for.

During the initial internal testing of our proprietary ProActive Monitoring Data Analytic system in 2015, it had already identified the weakness of AVTECH and seen the potential attacks that could happen. With that knowledge we ceased using AVTECH equipment in our installation projects in 2015 and had by 2016 migrated all our maintenance and subscription customers to other brands. This proved to be a decision well made with the aid of our ProActive Monitoring system when the malware ELF_IMEIJ infected thousands of AVTECH devices, and it prevented our customers who kept their systems updated from having their AVTECH CCTV systems turned into botnets.

Register for a trial if you are interested in getting your system on board. It’s free.

We’ll soon be adding Analytic Features to enable you to monitor your customers’ flow through your stores using your existing equipment, for free!

By sensorcomb

Case Study #888448

Customer : Bibimbap Outlet
Reference No : #888448

Symptom : CCTV DVR Offline for > 3 Days. Customer didn’t opt for active monitoring, so monitoring is only done passively.
Problem : Internet Router reset to factory default by Singtel.
Resolution : Reconfigure Internet Router
Others : When the CCTV system came back online, the CMS also detected that the DVR had been powered off for a period of 3 days in between, with no recording. The customer had no idea that the DVR was powered off. The customer will look into that to prevent accidental switch-off of, or tampering with, the DVR.

Benefits : Without the CMS to analyse the CCTV system, the DVR being switched off in between would not have been highlighted and brought to attention. This procedural lapse or tampering with the CCTV system would have gone unnoticed, and a future recurrence might result in important CCTV footage not being recorded.


Case Details

On 8th June, the customer highlighted that he was unable to log in to his CCTV system.

CS-888448-1

From the log chart, we can see that the system had been offline since 4th June. However, we can still see IP updates from the DVR on 5th June.

This usually signifies that the required port forwarding setting on the internet router has been removed.

Upon checking, the customer confirmed that Singtel had come and done a reset/replacement of the internet router, which was the root of the problem.

Without this history log chart, it would have been harder to identify the root of the issue.

We arranged for a reconfiguration of the internet router and got the system back online.

When the system came back online, the CMS highlighted that there was a problem with the system's recording.

CS-888448-2

Upon taking a closer look, we discovered that recordings were missing for a period of 4 days. This problem would have gone unnoticed if not for the CMS.

The missing recording incident was fed back to the customer, who will take note of operating procedures to prevent the CCTV system from being switched off accidentally or purposely in the future.
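The two checks this case relies on, telling a removed port forward apart from a dead DVR by whether IP updates keep arriving, and spotting holes in the recording timeline, can be sketched as below. This is an added example, not the CMS's own code; the function names, the 24-hour grace period, the 5-minute tolerance and all sample timestamps (including the year) are constructed assumptions.

```python
from datetime import datetime, timedelta


def classify_outage(probes, ip_updates, grace=timedelta(hours=24)):
    """probes: [(time, reachable)] seen from the monitoring side, oldest first.
    ip_updates: times at which the DVR itself reported its public IP (outbound).
    """
    if not probes or probes[-1][1]:
        return "online"
    # Outage start = first failed probe after the last successful one.
    start = probes[-1][0]
    for when, ok in reversed(probes):
        if ok:
            break
        start = when
    last_update = max(ip_updates, default=None)
    if last_update is not None and last_update > start:
        # The DVR still reaches the internet, so only the inbound path is broken,
        # which is what a router reset that drops port forwarding looks like.
        return "inbound-blocked"
    if probes[-1][0] - start < grace:
        return "undetermined"  # too early: the next IP update may not be due yet
    return "device-or-uplink-down"  # no sign of life in either direction


def recording_gaps(segments, tolerance=timedelta(minutes=5)):
    """segments: [(start, end)] of recorded footage, sorted by start time."""
    gaps = []
    for (_, prev_end), (next_start, _) in zip(segments, segments[1:]):
        if next_start - prev_end > tolerance:
            gaps.append((prev_end, next_start))
    return gaps


def D(day, hour=0):
    """Constructed timestamp helper; the year is an arbitrary choice."""
    return datetime(2016, 6, day, hour)


# Constructed sample data shaped like case #888448.
PROBES = [(D(3, 12), True), (D(4, 12), False), (D(5, 12), False), (D(8, 12), False)]
IP_UPDATES = [D(3, 6), D(5, 6)]
SEGMENTS = [(D(1), D(4, 9)), (D(8, 15), D(9))]

if __name__ == "__main__":
    print(classify_outage(PROBES, IP_UPDATES))
    print(recording_gaps(SEGMENTS))
```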

By sensorcomb

Case Study #231011

Customer : Subway Outlet
Reference No : #231011

Symptom : CCTV DVR Offline for > 3 Days
Problem : Internet Router reset to factory default
Resolution : Reconfigure Internet Router

Benefits : The customer does not check on the CCTV system on a daily basis. The CMS picked up the problem before the customer realised there was a problem with the internet router, allowing us to resolve the issue within a short period of time.


Case Details

On 10 June, our CMS system detected that the CCTV system had been offline for > 3 days since 8 June 2016.

CS-231011-1

The customer was alerted about the issue, but did not reply.

On 11 June, we went down to check on the internet router and found that its configuration had been reset to factory default.

CS-231011-2

The internet router was reconfigured to allow the customer to view online again.

CS-231011-3

The system is back online. At a glance, we are also able to determine that there are around 26 days of recording in the system, within our safety parameters of 21 days.

CS-231011-5

However, on the 13th of June, the CMS detected that the Subway’s CCTV was offline again, and it was highlighted again.

CS-231011-4

The customer was able to configure the router based on the information previously sent to him, and got the system back up and running again.

The system has been detected to be functioning well.

CS-231011-6

The customer is looking into why the router’s configuration was reset on multiple occasions.