Express Computer
Home  »  IoT  »  Is your web-cam inviting hackers into your home: F-Secure report

Is your web-cam inviting hackers into your home: F-Secure report

0 325

A recent F-Secure report revealed multiple vulnerabilities plaguing tens of thousands of web-connected cameras around the globe. The webcams which are being used for security purpose can also be a threat since it has the capacity to invite hackers home.

The utility of cameras, especially for physical security purposes, has made them one of the most common devices being connected to the so-called Internet of Things or, as Mikko Hypponen, F-Secure’s chief research officer calls it, “the Internet of Insecure Things.”

And the insecurity of the IoT isn’t just some theoretical concept to be dealt with in the future when everything is connected. A new F-Secure report “Vulnerabilities in Foscam IP Cameras” finds multiple vulnerabilities plaguing tens of thousands of web-connected cameras around the globe.

“Foscam-made IP cameras have multiple vulnerabilities that can lead to full device compromise,” the report says. “An unauthenticated attacker can persistently compromise these cameras by employing a number of different methods leading to full loss of confidentiality, integrity and availability, depending on the actions of the attacker.”

These vulnerabilities — 18 in total, with all 18 found in the Opticam i5, and several in the Foscam C2, as well — make it possible to remotely take control of these stand-alone cams, which are often used to detect unwanted visitors.

“For example, an attacker can view the video feed, control the camera operation, and upload and download files from the built-in FTP server.” Not only that, with the help of some malicious code, attackers can leverage this camera to access the rest of the network it’s in.

Foscam has been notified about the findings, and F-Secure is going public after receiving no response for months. Foscam has a history of bugs allowing access to video feeds on IP cameras and baby monitors.

Janne Kauhanen of F-Secure Cyber Security Services advises that all users of all smart devices change their default passwords, always. No exceptions. But even that would not necessarily be enough to protect these vulnerable Foscam-made cameras, which include factory hard-coded credentials that cannot be changed by the user. An attacker who knows these hard-coded credentials (by finding them published on the internet, for example, which often happens) can use them to bypass the user’s own unique credentials.

And this is just one of the crop of vulnerabilities. Harry Sintonen of Cyber Security Services, who discovered them, describes them as “as bad as it gets.” The sheer number of vulnerabilities allows an attacker to pick and choose from multiple ways to take over the camera.

If you happen to have one of these cameras in your home, make sure that it is NOT exposed to the public internet. A firewall significantly reduces the risk of infection. And a smart security router uses artificial intelligence to sense the traffic of all your connected home devices — can also detect if your cameras or baby monitors are being misused.

The intimacy we grant cameras presents a unique opportunity to highlight the dangers of putting everything online without prioritizing security. And it’s an issue that needs highlighting now.

Even after co-opted IoT devices were used as part of the largest denial of service attack in history, manufacturers have demonstrated no eagerness to address this growing problem.

“The problem is bigger than this camera, this manufacturer,” said Janne said. “Smart devices, in general, are vulnerable. I think this is because manufacturers don’t consider security a selling point. And consumers certainly aren’t demanding it.” Perhaps the idea of tens of thousands of vulnerable cameras might begin to change that.

Get real time updates directly on you device, subscribe now.

Leave A Reply

Your email address will not be published.

LIVE Webinar

Digitize your HR practice with extensions to success factors

Join us for a virtual meeting on how organizations can use these extensions to not just provide a better experience to its’ employees, but also to significantly improve the efficiency of the HR processes
REGISTER NOW 

Stay updated with News, Trending Stories & Conferences with Express Computer
Follow us on Linkedin
India's Leading e-Governance Summit is here!!! Attend and Know more.
Register Now!
close-image
Attend Webinar & Enhance Your Organisation's Digital Experience.
Register Now
close-image
Enable A Truly Seamless & Secure Workplace.
Register Now
close-image
Attend Inida's Largest BFSI Technology Conclave!
Register Now
close-image
Know how to protect your company in digital era.
Register Now
close-image
Protect Your Critical Assets From Well-Organized Hackers
Register Now
close-image
Find Solutions to Maintain Productivity
Register Now
close-image
Live Webinar : Improve customer experience with Voice Bots
Register Now
close-image
Live Event: Technology Day- Kerala, E- Governance Champions Awards
Register Now
close-image
Virtual Conference : Learn to Automate complex Business Processes
Register Now
close-image