Cybersecurity experts: tens of thousands of smart cameras can be hacked effortlessly

The fact that IoT-devices is becoming more and more, we all know (well, or almost all). If we talk about smart cameras, they are quite convenient. Advanced models, like the iVideon Oco 2, help to keep an eye on the house in its absence, and to communicate with the wards - in some cameras there is a speaker and a microphone. The benefits of cameras are aware of an increasing number of users, but the trouble is that manufacturers are not worried about the security of their devices.

There are hundreds or even thousands of smart camera models on the market. Some of them fall under the sight of "bezopasnik" who test the device and the tail and mane, trying to find vulnerabilities in their protection. The other day the web has information about the results of the analysis of vulnerabilities of two camera models, which are produced by the company Shenzhen Neo Electronic. This organization has delivered hundreds of thousands of smart systems to users from around the world, and as a result, about 150,000 of the installed cameras can be hacked.

The purpose of hacking can be different - someone just wants to intercept the video stream, and someone plans to create a botnet of hundreds of thousands of devices (it’s impossible not to recall those who stood behind the Mirai botnet). Alex Balan, a Bitdefender researcher, says that after the vulnerabilities were discovered, they were reported to the developers. But they remain silent, and the problem areas in the software remain unpatched.
')
True, the problem is also that nothing can be fixed in the manufactured cameras. Balan said this in an interview with one of the popular online media at the Def Con conference, which was held in Las Vegam.

The researcher voiced the problem cameras. These are NIP-22 and iDoorbell. But the fact that only two models have been studied in detail does not negate the fact that applications of many other smart cameras also contain similar problems. And not only cameras - over the past few years, experts have found vulnerabilities, in addition to cameras, in animal gadgets, dishwashers, and even sex toys. These systems are not cracked all together, but individually, but this does not mean at all that attackers cannot form a botnet with the number of zombies exceeding several hundred thousand.

Vulnerabilities, by the way, are quite common - hackers do not need to show any super-insight. One of the vulnerabilities that are relevant to these two cameras is the commonplace login and password by default, exhibited at the factory. Very few people change them, but any PC user who is more or less savvy can recognize this combination without problems. Interestingly, despite the past epidemic (and more than one) of hacking IoT devices, Shodan still shows more than a hundred thousand vulnerable cameras. Anyone who uses the user login and the same password, or guest / guest, can access these cameras.

As for the second problem, everything is somewhat more complicated. In this case, a buffer overflow is used, which allows burglars to take control of the device, turning it into a zombie part of the botnet. And hundreds of thousands of such devices are not the limit - in fact, there are many more, just Shodan is also not a panacea, the search engine does not detect all vulnerable cameras.


Botnets sometimes infect a huge number of devices.

As for Shenzhen Neo, the representatives of this company did not comment in any way on the data presented by cybersecurity experts.

Here it is also necessary to say that far from only the cameras are vulnerable. We have already said that there are a lot of smart devices now. But somehow, some manufacturers are more concerned about the design of their gadgets, their functionality, completely forgetting about security. And this may be unforgivable in our time. Among the cameras that we studied, from a security point of view, Netatmo Welcome is quite good. There are quite a few other cameras that are produced even by Chinese, albeit by other manufacturers and, moreover, have a good protection system.

We think that among the readers of Geektimes there are quite a few who installed cameras at home or at work. Which ones do you think are safe? I think for many this information is relevant.

---