Posted by rgmekanic 2:28 PM (CDT)
Tuesday March 13, 2018
In a report from SecureList, Kaspersky Lab ICS CERT researchers decided to check how secure a popular smart cameras are. The testers looked at cameras from Hanwha Techwin, and found what they call "severe" security flaws. The team found nearly 2,000 cameras on the internet with a public IP address. The flaws can allow attackers to gain remote access to the video and audio feeds, remotely disable them, infect them with malicious code, or use them as an entry point to the network to make further attacks. Kaspersky researchers contacted the manufacturer, and several models have been patched already, with more on the way.
For one, the attacker can remotely change the administrator’s password, execute arbitrary code on the camera, gain access to an entire cloud of cameras and take control of it, or build a botnet of vulnerable cameras. An attacker can gain access to an arbitrary SmartCam as well as to any Hanwha smart cameras.