Security Flaw Can Turn Smart Cameras Into Spying Tools

Posted by rgmekanic 2:28 PM (CDT)

Tuesday March 13, 2018

In a report from SecureList, Kaspersky Lab ICS CERT researchers decided to check how secure a popular smart cameras are. The testers looked at cameras from Hanwha Techwin, and found what they call "severe" security flaws. The team found nearly 2,000 cameras on the internet with a public IP address. The flaws can allow attackers to gain remote access to the video and audio feeds, remotely disable them, infect them with malicious code, or use them as an entry point to the network to make further attacks. Kaspersky researchers contacted the manufacturer, and several models have been patched already, with more on the way.

And the record skips again with the sound of me saying that the whole "Internet of Things" is a generally bad idea. You may not be concerned, thinking "Who is Hanwha anyway?" You may know the cameras better under the name of "Samsung."

For one, the attacker can remotely change the administrator’s password, execute arbitrary code on the camera, gain access to an entire cloud of cameras and take control of it, or build a botnet of vulnerable cameras. An attacker can gain access to an arbitrary SmartCam as well as to any Hanwha smart cameras.