
Vulnerabilities in smart IP cameras expose users to privacy, security risks

The global smart camera market is predicted to grow at a CAGR of 8 per cent over the period of 2018-2023, reaching an estimated $2 billion. While IP cameras are nothing new, smart cameras pack new features that make them more appealing to users.

With features from face recognition to various image sensors and connectivity options, such as Bluetooth and Wi-Fi, smart cameras can detect human behaviour and even vehicle number plates, making them a perfect residential or commercial surveillance tool.

Experts forecast that 45 billion cameras will dot the world by 2022, and a large percentage of them will be smart cameras. For years, security researchers have found a plethora of vulnerabilities in smart cameras, warning consumers and manufacturers of the danger that attackers could control them remotely and spy on owners, affect the overall security of home networks, or even impact the global internet infrastructure.

Ever since Mirai, one of the largest IoT botnets, which comprised an estimated 600,000 vulnerable cameras and devices remotely controlled by threat actors to perform a massive denial-of-service attack on critical internet infrastructure services, cybercriminals have focused on amassing large botnets of smart internet-connected devices.

For instance, IoT botnets such as Hide and Seek have steadily been updated with new vulnerability-exploiting capabilities, amassing smart cameras, IPTV cameras, and DVRs, but also Android devices with unpatched vulnerabilities. The larger the botnet, the more damage it can do to infrastructures through denial of service attacks.

Researchers find easily exploitable vulnerabilities in four popular smart cameras

Bitdefender researchers recently analysed a series of four smart cameras, only to find that all of them have several vulnerabilities that criminals could remotely exploit to tamper with, control, or fully compromise them.

One camera analysed was the Keekoon KK005. After analysing the firmware’s images on the vendor’s website, our researchers concluded that all the vendor’s cameras are affected, more or less, by several vulnerabilities, ranging from LAN (Local Area Network) backdoors, authentication bypass, and multiple stack overflows all the way to command injection and hidden command execution forms.

Another camera, the Tenvis TH661 Home Camera, was found susceptible to a series of authentication bypass vulnerabilities, enabling attackers to remotely gain control of devices, decommission them, or even use them as espionage tools. This means that the more sensors and features a camera has, such as infrared, motion detection, microphones, or the ability to store recorded streams onto an external source, the more options it gives attackers in terms of espionage and surveillance.

The Reolink C1 Pro Camera has also been found harbouring a wide range of firmware vulnerabilities that could allow threat actors to remotely tap into it. While these cameras are for both indoor and outdoor use, the vulnerabilities found would allow attackers to not only get the users’ email credentials if email alerts are set, but also collect Wi-Fi credentials, inject commands, and even bypass the entire authentication process and directly interact with the device. This model has several vulnerabilities that attackers can exploit easily, so they could use it as a gateway into a user’s home network – as the camera is normally connected to the same Wi-Fi network as all other devices – and from there expand their foothold and collect additional sensitive information.

The final smart camera analysed, the Geenker HD IP Camera, is a night vision-powered surveillance device that also has two-way audio capabilities, making it an attractive option for home users who want to beef up their home surveillance capabilities. However, our researchers have found it harbours a system backdoor, hardcoded credentials over Telnet, and a number of buffer overflow vulnerabilities that allow threat actors to remotely execute commands. An authentication bypass vulnerability also lets attackers alter camera settings simply by accessing any page other than the root page.

Exploitation of the vulnerabilities found could enable attackers to remotely control a relatively large number of smart cameras, which they can later use either to move laterally across networks and extract sensitive information from other devices on the network, extort victims by capturing sensitive and private images from their own homes, or even instruct them to perform massive denial of service attacks and ask for ransom to stop the assaults.

Smart camera security starts with the right mindset

While you may not look at smart cameras as a security threat, the fact they’re internet connected and can be remotely managed via an application makes them viable targets for threat actors. While few manufacturers seem interested in pushing security updates once known vulnerabilities have been patched, it’s important to find out which vendors have a clear and timely patching and updating policy.

Equally important is to change default usernames and passwords when setting up these new devices, as attackers will often perform brute-force attacks – a process through which they automatically try out known username and password combinations – to remotely connect and seize control over them.

While these devices might not work with traditional security solutions – the way your laptops, smartphones or tablets are protected – there are home network security solutions that come with advanced exploit protection and vulnerability assessment technologies that can keep an eye on network-connected IoTs and smart cameras. They can prevent attackers from dialling in, and they can notify users when new security updates are available, and even when devices start behaving strangely.

The implications of vulnerabilities in smart cameras are not to be ignored, as you can risk much more than just having a camera bricked or used as a gateway to attack other devices in your home network. It can also be used as a means for spying on you and your family in the comfort of your own home.

Liviu Arsene, Global Cybersecurity Researcher, Bitdefender

Image Credit: Wright Studio / Shutterstock
