Warning: Break Free from Smart Cameras Turned into Surveillance Tools
One of my favorite resources for overall security industry knowledge has for a long time been the Hi-Tech Security Solutions magazine. It was in this month’s edition that I came across an article that immediately got my brain juices twerking like Miley Cyrus on a jumping castle.
I have summarised the article for the sake of your easy, quick reading, but for the full article refer to www.securitysa.com.
Kaspersky Lab researchers have found a disturbing number of security vulnerabilities in many of our popular smart cameras. Worryingly, many of these cameras are in fact baby monitors, or internal private home or office cameras. As a security consultant and investigator, this article drew me in faster than a sniper’s bullet to the head of an ISIS member.
This scenario of cameras that we rely on to stay safe and protected actually being turned against the owners is hugely concerning.
According to the research, the uncovered flaws could allow attackers/hackers to gain remote access to your audio and video feeds from your cameras. In doing so, turning the watcher into the watched.
Kaspersky Lab experts have apparently uncovered a whole host of smart cameras that are vulnerable to severe remote attacks. The article says that the cause of this problem lies in the design flaws of the cloud-based backbone that was created to enable us to access our private surveillance systems through our mobile devices.
By exploiting these vulnerabilities, attackers could launch the following attacks:
- Access video and audio feeds connected to any camera or monitor linked to the vulnerable cloud server
- Remotely gain root access to a camera and use it as an entry point for further attacks on other devices, on both local and external networks
- Remotely upload and execute arbitrary malicious code on your cameras
- Steal personal information such as user account details
- Remotely block vulnerable cameras
I must point out that the article does make mention of the fact that Kaspersky technicians had alerted Hanwha Techwin, the manufacturers of affected cameras, and at the time of publication of the article many of the vulnerabilities has been sorted out.
It is important to mention that the attacks talked about in this article were only possible if attackers knew the serial number of a targeted camera. However, the way in which the serial numbers are generated makes this information relatively easy to find.
To stay protected, Kaspersky advised users to do the following:
- Always change the default password, and don't forget to change it regularly
- Pay close attention to security issues of connected devices before purchasing yet another smart device or your home or office
My advice to you is do your homework before buying and installing.
Need more information?
Contact firstname.lastname@example.org / 082 820 5363.