We all know (that is, or almost all) that there are more and more IoT-devices. Speaking of smart cameras, they are quite convenient. Advanced models, such as iVideon Oco 2, help both to monitor the home in their absence and communicate with the wards – in some cameras there is a speaker and a microphone. The advantages of cameras are being realized by an increasing number of users, but the trouble is that manufacturers are worried about the safety of their devices not in the best way.
There are hundreds or even thousands of smart camera models on the market. Some of them fall under the sights of the "safety", who test the device in the tail and in the mane, trying to find vulnerabilities in their protection. The other day, information on the results of the vulnerability analysis of the two camera models produced by Shenzhen Neo Electronic company appeared on the web. This organization has supplied several hundred thousand smart systems to users from around the world, and as a result, about 150,000 of the installed cameras can be hacked.
The purpose of hacking can be different – someone just wants to intercept the video stream, and someone plans to create a botnet out of hundreds of thousands of devices (you can not help remembering those who stood behind the Mirai botnet). Alex Balan, a researcher at Bitdefender, said that after the vulnerabilities were discovered, developers were informed about them. But they keep silence, and problematic places in the software remain unpatched.
However, the problem is also that nothing can be fixed in the already made cameras. About this Balan said in an interview with one of the popular online media at the conference Def Con, which was held in Las Vegas.
The researcher voiced problem cameras. This is NIP-22 and iDoorbell. But the fact that only two models are studied in detail, does not at all cancel the fact that similar problems contain the applications of many other smart cameras. And not only cameras – for the past few years, experts have found vulnerabilities, except for cameras, in animal gadgets, dishwashers and even in sex toys. These systems are not hacked in a hurry, but individually, but this does not mean that attackers can not form a botnet with a number of "zombies" exceeding several hundred thousand.
Vulnerabilities, by the way, are quite common – burglars do not need to show any super-mindedness. One of the vulnerabilities that are relevant for these two cameras is the banal login and password for default, set at the factory. They change very few, but any more or less savvy PC user can easily recognize this bunch. Interestingly, despite the past epidemic (and not one) of IoT hacking devices, Shodan still shows over hundreds of thousands of vulnerable cameras. Anyone who uses the user login and the same password, or the guest / guest bundle, will be able to access these cameras.
As for the second problem, everything here is somewhat more complicated. In this case, buffer overflow is used, which allows the attackers to take control of the device by themselves, turning it into a zombie part of the botnet. And hundreds of thousands of such devices are not the limit – in fact, there are a lot more of them, just Shodan is not a panacea either, the search engine does not detect all the vulnerable cameras.
Botnets sometimes infect a huge number of devices
As for Shenzhen Neo, representatives of this company did not comment on the data submitted by cyber security experts.
Here it is still necessary to say that not only cameras are vulnerable. We have already said that there are a lot of smart devices. But somehow some manufacturers are more worried about the design of their gadgets, their functionality, completely forgetting about security. And this can be inexcusable in our time. Among the cameras that we studied, in terms of security is quite good Netatmo Welcome. There are a lot of other cameras, which are produced even by Chinese, though other manufacturers, and moreover have a good system of protection.
We think that among the readers of SurprizingFacts there are many who installed cameras at home or at work. Which of them do you consider to be safe? I think that for many this information is relevant.