Tens of millions of devices -- including printers, routers and smart TVs -- are also at risk. Vulnerability of the devices' unprotected Linux servers compounds the problem with the Universal Plug and Play networking standard. Hackers are taking over an increasing number of security cameras to spread malware, break in to networks and to see what governments and businesses are keeping an eye on. Tommy Stiansen, CTO of NorseCorp, an IT security company that delivers real-time cyber risk intelligence, says, “We are seeing a lot of unexplained devices communicating to our honeypots, for example CCTV cameras. We’re seeing a lot of CCTV cameras attacking our honeypots.” Stiansen says that the codes in the CCTV cameras he’s examined have software developed in Asia and still has traces of the development code in them. In addition to that, the DVR boxes running the feeds use a traditional Linux pack that admins haven’t done anything to secure. SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe “Administrators buy these cameras and install them straight on their network without realizing they are running a full Linux server,” he says. “They’re running a web system that has jQuery, cross-site scripting and all the vulnerabilities in the book in them.” This news comes just a day after another Rapid7 reported a different exploit which can also be used to take advantage of CCTVs, printers and Cisco and Netgear networking equipment. In a study released yesterday, researchers said they had found 80 million public IP addresses responded to Universal Plug and Play. Putting at risk untold millions of Internet-connected devices, including printers, CCTV cameras and Cisco and Netgear networking equipment. NorseCorp’s findings show that hackers are already taking advantage of security flaw first reported last week. As Forbes’ Andy Greenberg reported: “Eighteen brands of security camera digital video recorders (DVRs) are vulnerable to an attack that would allow a hacker to remotely gain control of the devices to watch, copy, delete or alter video streams at will, as well as to use the machines as jumping-off points to access other computers behind a company’s firewall, according to tests by two security researchers. And one of the researchers, security firm Rapid7′s chief security officer H.D. Moore, has discovered that 58,000 of the hackable video boxes, all of which use firmware provided by the Guangdong, China-based firm Ray Sharp, are accessible via the Internet.” As with every other type of cyber-attack these are overwhelmingly aimed at financial institutions. So far the hackers are more interested in using the unprotected processors in the cameras for theft than observation. “It appears that they are using the processor to do financial fraud,” says Stiansen. “It also appears they are using them to infect other networks, so it’s more of a launch point for malware.” It’s not as easy to tell if the criminals are taking advantage of all the free visual data as well, but it would be odd if they were not. “When you go to the IP address you get free access to the cameras,” he says. “The cameras can be scary. They could be satellite downlinks from the government with 26 cameras linked to it. We have actual bank monitoring systems you can pull up in your browsers.” In addition to security cameras, modems, printers and routers, Stiansen says the company’s honeypots are also picking up increased traffic from smart TVs. Securing most of these devices can be done by users, although if you lease your router or modem you may want to check with your ISP before taking any action. As for the UPnP problem, Rapid7 has released a scanning tool which consumers and administrators can use to find problem devices. In addition to that, CERT has put out a warning and a patch for it. Related content opinion Why Bitcoins are Just as Viable as Any Other Currency The true value of any currency is a reflection of how much people believe it's worth, according to CIO blogger Constantine von Hoffman. But it's wise to remember just how fast beliefs can change. By Constantine von Hoffman Apr 15, 2013 4 mins Government Technology Industry opinion No Surprise: Docs Show Obama Administration Lying About Drones President Obama has repeatedly said drones would only be used against members of al Qaida and allied groups. However, leaked intelligence documents show the administration has been using them to settle political and tribal feuds for at least four yea By Constantine von Hoffman Apr 10, 2013 3 mins Regulation Government opinion How Big Data Can Quickly Become Big Garbage The bigger the data the bigger the chance of mistakes or inaccuracies. In that vein, a large database used by retailers to screen people accused of stealing from employers is identifying innocent people and could result in major lawsuits, according t By Constantine von Hoffman Apr 04, 2013 2 mins Big Data opinion Why Crazy Trumps Logic on the Internet The earth is flat. Vaccines cause autism. 9/11 was a government conspiracy. These are just a few of the many ideas that continue to find adherents online despite overwhelming proof that they're not based on fact. CIO.com blogger Constantine von By Constantine von Hoffman Apr 02, 2013 3 mins Government Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe