GreyNoise Intelligence Discovers Severe Vulnerabilities in Live Streaming Cameras Used in Industrial Settings
Washington, D.C. — October 31, 2024 — GreyNoise Intelligence, the cybersecurity company providing real-time, verifiable threat intelligence into internet scanning and exploitation, today announced the discovery of two previously undisclosed critical and high-severity zero-day vulnerabilities in live streaming cameras reportedly used across industrial operations, government, healthcare, and other sensitive environments like houses of worship.
GreyNoise’s discovery was made possible by Sift, an internal, proprietary large language model (LLM) developed by GreyNoise that analyzes millions of web requests per day, identifying anomalous traffic that traditional cybersecurity methods might overlook. In this case, Sift flagged unrecognized traffic patterns, prompting GreyNoise researchers to dig deeper, resulting in the discovery of two new vulnerabilities that could potentially allow attackers to seize complete control of the cameras, view and/or manipulate video feeds, disable camera operations, and enlist the devices into a botnet to launch denial-of-service attacks.
This marks one of the first instances where threat detection has been augmented by AI to discover zero-day vulnerabilities, representing a groundbreaking advancement in cybersecurity and setting a new benchmark for how technology can accelerate threat detection and resolution.
“This isn’t about the specific software or how many people use it — it’s about how AI helped us catch a zero-day exploit we might have missed otherwise,” said Andrew Morris, Founder and Chief Architect at GreyNoise Intelligence. “We caught it before it could be widely exploited, reported it, and got it patched. The attacker put a lot of effort into developing and automating this exploit, and they hit our sensors. Today it’s a camera, but tomorrow it could be a zero-day in critical enterprise software. This discovery proves that AI is becoming essential for detecting and stopping sophisticated threats at scale.”
The vulnerabilities, tracked as CVE-2024-8956 and CVE-2024-8957, impact NDI-enabled pan-tilt-zoom (PTZ) cameras from several manufacturers, including PTZOptics, Multicam Systems SAS, and SMTAV Corporation. These cameras, reportedly used in sensitive environments like business conferences, telehealth sessions, and government settings, potentially represent an attractive target for malicious actors looking to compromise video feeds or use the devices as a point of entry into broader network infrastructure.
GreyNoise partnered with VulnCheck to responsibly disclose these vulnerabilities, working closely with affected manufacturers to ensure swift remediation. Firmware updates have been released by PTZOptics to address the issues, and GreyNoise strongly recommends all users update their devices immediately to prevent exploitation.
About GreyNoise Intelligence
GreyNoise empowers the security teams of enterprises and global governments to act with speed and confidence by providing real-time, verifiable perimeter-based threat intelligence. This allows security teams to reduce noise in security operations, perform in-depth threat hunting campaigns, and focus on the most critical threats to their network. Our patented sensor technology enables us to collect and analyze unique threat data at-scale that no one else can. We provide the most actionable threat intelligence against mass internet scanning and exploitation, so that no attack works twice. For more information, please visit https://www.greynoise.io/, and follow us on Twitter, Mastodon and LinkedIn.