![Raysharp](https://media.cybernews.com/images/featured-big/2024/04/raysharp.jpg)
Raysharp, a Chinese manufacturer of video cameras, recorders, and other surveillance products, has suffered a data leak that exposed its devices. Cybernews researchers have discovered three billion records in a leaking database from the company’s analytics platform.
The Cybernews research team has found an open Elasticsearch server with logs and proprietary data collected from Raysharp devices worldwide.
Elasticsearch is a commonly used analytics tool designed to organize, search, analyze, and visualize large volumes of data.
The leaked logs spanned three months, from the 2nd of November 2023 to the 1st of February 2024. The total number of records was 3,148,830,160.
The exposed logs contained sensitive types of data, including the following data points:
- device_uuid: This is likely a unique device identifier. Bad actors can use it to track and identify specific devices. Revealing device ID, together with other information, can compromise the privacy and security of the users and organizations.
- mobile_token: Used for authentication and authorization purposes in mobile applications, exposed mobile tokens can be exploited for unauthorized access to user accounts or sensitive information.
- Token_uuid: This is likely a unique identifier associated with authentication tokens. Exposing this data could help gain unauthorized access.
- appid: The unique identifier for the application itself. While less sensitive, it could be used to target specific applications or services.
- DeviceName: This could reveal information about the user or organization using the device and be used for targeted attacks or profiling.
- APNS and push_channel: Researchers also discovered data items suggesting the systems were configured to utilize Apple Push Notification Service (APNS). That is the channel for sending push notifications to iPhones and other iOS devices.
“The exposure of this data is probably inadvertent and was caused by Elasticsearch misconfiguration,” our research team said. “Exposing device logs poses risks to all users and organizations using Raysharp devices and applications. Keeping security systems and services private is crucial to maintain integrity and security.”
After responsible disclosure, the leaked data is no longer exposed.
![raysharp-leak](https://media.cybernews.com/2024/04/raysharp-leak.png)
Exposed logs may originate from product development
Cybernews reached out to Zhuhai Raysharp Tech company in China for additional comments, but we didn’t receive a reply before publishing.
However, the National Computer Network Emergency Response Technical Team/Coordination Center of China, also known as CNCERT/CC, told Cybernews that they had received a response from the company. Raysharp confirmed using Elasticsearch to manage logs.
“Elasticsearch is an open-source log service system, with port 9500 only used for log queries during product development. Under normal circumstances, it is not necessary to use it. Only when there is an abnormality in the product, it is necessary to query the product log through port 9500 to assist in locating the problem. At present, the service on port 9500 is temporarily suspended. After resolving the issue of this vulnerability, it can be opened again,” Raysharp's comment reads.
Raysharp describes itself as a leading manufacturer of surveillance products. Established in 2007, it has more than 14 years of industrial experience, over 1,500 staff, and a professional engineering team.
“Our mission is to build safety for life,” the company said on one of its websites.
While Raysharp may not be as well-known globally as some larger companies, such as Hikvision or Dahua, it has a significant market share in certain regions.
Cybernews researchers warn Raysharp product users to be aware of an increased risk of data breaches. They should take additional precautions to protect their privacy and security, such as changing passwords and resetting authentication tokens, not exposing the surveillance devices directly to the internet, using encrypted protocols, monitoring accounts for suspicious activity, and practicing good cybersecurity hygiene, starting from enabling multi-factor authentication.
Your email address will not be published. Required fields are markedmarked