ATM CCTV LIVE FEED EXPOSED: Axis Bank Open Instance
NOTE: The incident has been reported directly to the Bank, and they have successfully secured this loophole.
Banking is among the most sensitive pieces of critical infrastructure and must be handled with the utmost security. Even with ample funds, banks sometimes do not really care about their security infrastructure. Because timely maintenance of security practices is somewhat expensive, management turns away from this dimension. This is the reason criminals and cyber fraudsters are drawn to such organizations as their next potential victims.
In this Investigation, we are going to cover a potential incident where the Live Feeds of Axis Bank ATM Recordings were left open in the wild!
A potential open directory belonging to Axis Bank was found. It holds a live feed (from cameras inside ATMs) of Axis Bank ATMs at multiple locations, one of which is in Sahibabad, Noida, Uttar Pradesh.
216.48.189.XX
http://216.48.189.XX/#
During the investigation, it was found that the camera recordings run from August 2023 to date.
The directory is divided into 2 sections, namely:
SIB
Vuelogix
SIB
The SIB directory stores the CCTV images of the ATM. It is a live-feed server, and all the images are updated on the fly.
The cameras are installed mainly at 2 inner locations, namely: Front Desk and Back Angle (behind the ATM machine).
Here are some screenshots to prove the same:-
Here is the recent image from the same ATM (At the time of writing):-
The cameras are installed to detect movement, i.e. whether a criminal or thief comes into direct physical contact with the ATM hardware, which may result in the malfunction of the machine.
While scouting, another folder named RMSOFF was found, which listed 3 folders, namely:
No Detection
Helmet
Person
From this, it is evident that the recordings are auto-classified into different directories using various built-in checks.
Let’s dive into the important folders here:-
Helmet
While navigating through, I found a bald person classified under “Helmet” with a confidence of 85%, which is a wrong classification, i.e. a false positive case.
There are similar cases with persons wearing caps (but that can be excused for now).
NOTE: It was found that the CCTV correctly captures and categorizes persons wearing a helmet as genuine, and they are included in the Helmet directory.
Here is another ATM branch of Axis Bank:
This underlines the fact that all the ATM live feeds are sent to a single server, which is currently exposed to the public.
More directories came to light during my investigation, such as:
Camera Shift
IRI Images
Luminosity Images
As the names suggest, each image is captured and added to its respective directory: high-intensity light images are added to Luminosity Images, auto camera shifts are captured into Camera Shift, and B&W/thermal images are classified under IRI Images.
Some of the sensitive URLs exposed are:-
http://216.48.189.XX/AI_IMAGES/SIB/RMSOFF/log_delete.txt
http://216.48.189.XX/#SIB/RMSOFF/LabelDetection/
http://216.48.189.XX/#SIB/RMSOFF/LabelDetection/No_detection/
http://216.48.189.XX/#SIB/RMSOFF/CameraOcclusionImages/
Now, let’s explore the CCTV Software behind the bank.
VUELOGIX — THE CCTV SERVICE USED BY AXIS BANK
From the open directory, it was found that Axis Bank is using VueLogix, an advanced e-surveillance security system with video analytics and CCTV monitoring software. Vuelogix is a CCTV software vendor located in Kochi, Kerala.
Here, due to the Bank’s heedless measures, this firm/company also got exposed during this investigation.
This directory stores the video recordings of the ATM (24 hr). All the video recordings are automatically saved to this folder on the fly.
Now, getting our hands on the Vuelogix backend:
The directory also lists a number of Bash scripts being run by the company, saved as Compress1.sh, compress_vedio.sh and test.sh.
It was also found that a script is being run to keep track of video logs as updates. This exposes sensitive information about the path maintained by Vuelogix, as I have highlighted.
The above image shows the log record of the ATM recordings.
Some of the sensitive URLs that were exposed during my Investigation are:-
http://216.48.189.XX/#Vuelogix/offsite/video/
http://216.48.189.XX/#Vuelogix/offsite/video/2024-10-16/
http://216.48.189.XX/AI_IMAGES/Vuelogix/offsite/video/script.log
http://216.48.189.XX/AI_IMAGES/Vuelogix/offsite/video/test.sh
http://216.48.189.XX/AI_IMAGES/Vuelogix/offsite/video/compress_vedio.sh
From the amount of data exposed, anyone can work out the practices of this bank and plan an attack such as impersonation, BEC, phishing, ransomware, etc.
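From the operator's side, the core problem above is that scripts and logs sit in the same published tree as the recordings, in directories that a listing-enabled server will show to anyone. The following audit is an added example, not code from the article, the bank or the vendor; the extension lists, the function names and the sample recording name are assumptions, and the sample tree is constructed to mirror the paths named above.

```python
import os
import tempfile

# Assumed policy (not from the article): only media belongs under a published root.
MEDIA_EXT = {".jpg", ".jpeg", ".png", ".mp4", ".avi", ".mkv"}
OPERATIONAL_EXT = {".sh", ".log", ".txt", ".conf", ".env", ".py"}
INDEX_FILES = {"index.html", "index.htm"}


def audit_webroot(root):
    """Return sorted (relative_path, reason_code) findings for a published tree."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        # With no index file, a server that has auto-indexing on lists this directory.
        if not INDEX_FILES & {f.lower() for f in filenames}:
            findings.append((rel_dir, "no-index"))
        for name in filenames:
            ext = os.path.splitext(name)[1].lower()
            rel = os.path.normpath(os.path.join(rel_dir, name))
            if ext in OPERATIONAL_EXT:
                # Scripts and logs reveal internal paths and tooling.
                findings.append((rel, "operational-file"))
            elif ext not in MEDIA_EXT and name.lower() not in INDEX_FILES:
                findings.append((rel, "unexpected-type"))
    return sorted(findings)


def build_sample_tree(base):
    """Constructed tree mirroring the directory layout named in the article."""
    video = os.path.join(base, "Vuelogix", "offsite", "video")
    os.makedirs(os.path.join(video, "2024-10-16"))
    for name in ("script.log", "test.sh", "compress_vedio.sh"):
        open(os.path.join(video, name), "w").close()
    # Constructed file name; the article does not list recording names.
    open(os.path.join(video, "2024-10-16", "sample_recording.mp4"), "w").close()
    return base


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        return audit_webroot(build_sample_tree(tmp))


if __name__ == "__main__":
    for path, reason in demo():
        print(f"{path}: {reason}")
```

Every "operational-file" finding is a file to move out of the published tree, and every "no-index" directory needs listing disabled and authentication in front of it.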
IMPACT
Because a large amount of information gets exposed in such incidents, organizations that handle customer data are advised to beef up their security. In this case, not only was the financial institution targeted, but the 3rd-party vendor also became a silent victim in this episode.
This is how 3rd-party vendors get attacked/targeted even if they maintain top-level security.
CURIOUS CASE OF A SUSPECTED THIEF/SPECIALLY ABLED?
While checking the images of CCTV Recordings, I came across an interesting image.
On 12th October around 8:30 PM, a masked individual entered the premises of an Axis Bank ATM located in Mohan Cooperative Industrial Estate, Mathura Road, Saidabad, New Delhi-110044.
With the help of AI, I enhanced the image, and here is the reason for my suspicion:
In the image, a fully masked person enters the ATM center; however, the sandals suggest that the person may be female.
To dig deeper, a video recording of this individual, along with any written complaints registered in the circle of Sahibabad Axis Bank dated 13th October, 2024 (the image is from 1 day prior), would suffice to turn the suspicion into confirmation.
The following section is just to showcase how easy it is for criminals to collect the customer records of a bank in order to target their victims and drive more campaigns…
AXIS CUSTOMER RECORDS ON THE DARK WEB
Now, let’s get into some more juicy stuff -> CUSTOMER DATA
During an in-depth investigation, I came across a leak that offers only Axis Bank customer data, categorized by city.
This would help criminals contact their potential customers in an appeasing manner. A new tactic (like Digital Arrest) can be built by the criminals to defraud such bank users.
NOTE: The files shared are from 2015; however, they were recently modified in January 2024.
From this single incident, it is clear how easy it is for a possible criminal to infiltrate a secured environment and create havoc for their victims.
NOTE:- The article is purely Individual Research and is not subjected to be used/published anywhere without the Author’s consent.