Thursday, 15 March 2018

Smart eye: Someone could be watching your child

Smart eye: Flaws that could transform popular smart cameras into surveillance tools


Kaspersky Lab researchers have discovered multiple security vulnerabilities in popular smart cameras that are frequently used as baby monitors, or for internal home and office security surveillance.

According to the research, the uncovered flaws could allow attackers to obtain remote access to video and audio feeds from the cameras, remotely disable these devices, execute arbitrary malicious code on them and do many other things.

Modern smart cameras offer a wide range of functions, giving users various options: people can use them as advanced baby monitors or as part of surveillance systems that spot intruders while no one is home or in the office.

But are these cameras secure enough by design? And what if such a smart camera started watching you, instead of watching your home?

Previous analysis conducted by many other security researchers has shown that smart cameras in general tend to contain security vulnerabilities at different levels of severity.

However, in their latest research, Kaspersky Lab experts uncovered something extraordinary: not just one, but a whole range of smart cameras was found to be vulnerable to a number of severe remote attacks.

This was due to an insecurely designed cloud-backbone system that was initially created to enable the owners of these cameras to remotely access video from their devices.

By exploiting these vulnerabilities, malicious users could execute the following attacks:
• Access video and audio feeds from any camera connected to the vulnerable cloud service;
• Remotely gain root access to a camera and use it as an entry-point for further attacks on other devices on both local and external networks;
• Remotely upload and execute arbitrary malicious code on the cameras;
• Steal personal information such as users’ social network accounts and information which is used to send users notifications;
• Remotely “brick” vulnerable cameras.

All these attacks were possible because experts found that the way the cameras interacted with the cloud service was insecure and open to relatively easy interference.

They also found that the architecture of the cloud service itself was vulnerable to external interference.

It is important to note that such attacks were only possible if attackers knew the serial number of the camera. However, the way in which serial numbers are generated is relatively easy to find out through simple brute-force attacks: the camera registration system didn’t have brute-force protection.
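
An added example, not from the original post or from Kaspersky Lab's research: one way a cloud registration service could detect the serial-number guessing described above, by counting the distinct serial numbers each client tries within a sliding window. The event format, serial format, window and threshold are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 60  # assumed sliding window
MAX_SERIALS = 5      # assumed: distinct serials one client may try per window


def constructed_events():
    """Constructed sample data: (unix_time, source_ip, serial, device_exists)."""
    # One source walks sequential serial numbers; one guess matches a real device.
    scan = [(1000 + i, "203.0.113.9", f"SN{100 + i:06d}", i == 5) for i in range(8)]
    # An owner retries the same camera several times, then adds a second one.
    owner = [(1002 + i, "198.51.100.7", "SN004242", True) for i in range(7)]
    owner.append((1010, "198.51.100.7", "SN004243", True))
    return scan + owner


def find_enumeration(events, window=WINDOW_SECONDS, limit=MAX_SERIALS):
    """Flag sources that try more than `limit` distinct serials within `window` seconds.

    Returns {source: {"first_exceeded": time, "exposed_serials": [...]}}, where
    exposed_serials are real devices the flagged source managed to look up.
    """
    recent = defaultdict(deque)  # source -> (time, serial) attempts inside the window
    hits = defaultdict(set)      # source -> serials that matched an existing device
    first_exceeded = {}
    for ts, source, serial, exists in sorted(events, key=lambda e: e[0]):
        attempts = recent[source]
        attempts.append((ts, serial))
        # Drop attempts that have aged out of the window.
        while attempts and attempts[0][0] <= ts - window:
            attempts.popleft()
        if exists:
            hits[source].add(serial)
        # Retries of one serial count once; only distinct serials indicate guessing.
        if len({s for _, s in attempts}) > limit:
            first_exceeded.setdefault(source, ts)
    return {
        src: {"first_exceeded": t, "exposed_serials": sorted(hits[src])}
        for src, t in first_exceeded.items()
    }


if __name__ == "__main__":
    for src, info in find_enumeration(constructed_events()).items():
        print(src, info)
```

The serials listed under exposed_serials tell the operator which cameras' owners need to be notified, and the flagged source is the one to throttle or block.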


In order to stay protected:
• Always change the default password. Use a complex one instead and do not forget to update it regularly.
• Pay close attention to security issues of connected devices before purchasing yet another smart device for homes or offices. Information on discovered and patched vulnerabilities is usually available online and is often easy to find.

Watch out all!!

