Researchers at Tenable announced Monday a security flaw in the firmware of network video recorders made by NUUO that could allow hackers to delete or modify surveillance videos or turn off surveillance entirely. It is not yet patched, although Tenable claims a patch might be available tomorrow.

Why it matters: NUUO makes hardware that records and manages security camera footage. The company's product integrates with more than 100 different camera brands.

The technical details: The vulnerability, which Tenable has dubbed "Peekaboo," is a firmware-level problem allowing for remote code execution.

  • The bug is what's known as a buffer overflow, where an attacker sends more data than a computer is designed to receive, leading the computer to inadvertently store the leftover data as commands the computer will later run.
  • The company posted a blog with more information and a tool to determine whether systems are vulnerable.

Why announce before a patch is available? There is always a concern when researchers announce vulnerabilities before a patch is available that hackers might use that information to take advantage of unpatched systems.

  • Researchers often give a company a deadline to show progress in developing a patch before announcing a vulnerability to the public, to incentivize manufacturers to take vulnerability reports seriously.
  • In this case, Tenable alerted the media after giving NUUO 105 days to announce a release date for a patch (Tenable gives a deadline of 90 days). NUUO only announced the patch early Monday, after the media had already been notified.
  • "We believe that, thanks to our disclosure the vendor released the patch," Renaud Deraison, co-founder and chief technology officer at Tenable, told Axios.
