The IP cameras for non-secure is one of many examples of connected objects that are vulnerable to cyber threats.
Download the free guide
Boost your gains
Rueil Malmaison, June 7, 2017 – F-Secure has discovered multiple vulnerabilities on both IP cameras from Foscam. By exploiting these vulnerabilities, detailed in a report, hackers can take remote control on the camera, video streams and files downloaded from a server integrated. If the device is on a local network, the attacker can access the network in question, and can use the camera to conduct DDos attacks or other malicious activities.
“These vulnerabilities allow hackers to do more or less whatever they want,” says Harry Sintonen, Senior Security Consultant at F-Secure. He himself discovered these vulnerabilities. “These flaws are very serious. An attacker can exploit one by one or all at once, in order to have access rights additional concerning the device or the network. ”
This discovery adds to the long list of objects that are connected or ” smart “, that are not sufficiently secure to cope with cyber attacks today. Smart cars, CCTV cameras, kettles, and even routers have proven to be particularly unsafe. The dangers became even more evident after the ravages of the botnet Mirai, who seized cameras and enclosures DVRS and non-secure. This DDoS attack, which took place last October, is the most important that has ever known the internet.
A total of 18 vulnerabilities have been listed. Hackers can infect the devices in different ways. The method of identifying non-secure, encoded ” hard “, allows them to easily obtain the user access rights. The software does not restrict access to critical files : hackers can modify them with their own orders. It is also possible to inject commands remotely, conduct XSS attacks, to generate buffer overflows, or even to force the passwords. The attacker can get access to the main menu, take control of the device and use it as the hub of its network.
“Cyber security has been ignored at the time of the design,” says Harry Sintonen. “The main concern of the developers was to develop these products quickly, to put on the market as soon as possible. Many of the principles of security were ignored, which puts the users and their networks in danger. The irony is : these items are sold as devices, supposed to better secure your physical environment ! In return, your virtual environment is rendered particularly vulnerable. ”
The chinese manufacturer Foscam offers many models of IP cameras. Some are available in white brand and sold under other names, including OptiCam. The two models studied by Harry Sintonen are the following : OptiCam i5 HD and Foscam C2. According to Sintonen, it is likely that the vulnerabilities present on these cameras exist on other devices manufactured by Foscam.
Harry Sintonen recommends isolating these cameras the rest of the network, in order not to endanger the whole of the infrastructure in case of attack. “Change the password by default is also a basic principle “, he adds. “Unfortunately, with these devices, the identification method allows the attacker to bypass the password even if it has been modified. ”
Foscam has been informed of these faults it has been several months already but, to date, no patch is not yet available.
30 years of experience in cyber security. Always with the same engine : the innovation. The Finnish company now has unrivalled expertise in the fight against all the threats, infections such as ransomware in the cyber attacks advanced. To do this, F-Secure has developed a defence strategy sophisticated, which combines the power of machine learning and human expertise. The name of this unique approach : Live Security. F-Secure products are available through over 200 operators and thousands of resellers. They defend every day, tens of thousands of businesses and millions of individuals.
Download the free guide
Boost your gains