Talk revealing p0wnable surveillance cams pulled after legal threat

Hard-coded creds, flaws galore, plague pricey peepers


Hack in the Box Swiss researcher Gianni Gnesa says the most popular network surveillance cameras currently sold on Amazon contain easily exploitable remote vulnerabilities that allow hackers to gain admin access and quietly peer through lenses.

The consultant for Zurich-based Ptrace Security found holes in pricey IP cameras sold on the shopping site for up to $600.

Each camera vendor made claims about the high security integrity of its hardware, yet all were found to be hackable over the internet.

Some sport hardcoded and therefore unchangeable credentials, others have undocumented backdoors, and some operate over insecure protocols like telnet.

For one of the models Gnesa tested, some 30,000 machines can be found using the Shodan device search portal.

An unnamed vendor caught up in the research hit Gnesa with a legal threat after he prepared to present his work at the Hack in the Box conference in Singapore next week.

The hacker then canceled his talk.

Gnesa describes his work to Vulture South, revealing that it is possible to crash and compromise the cameras.

"I've analysed several IP cameras and they all had some weaknesses that could allow you to shut down the camera, freeze the video stream, or get access to the admin panel," Gnesa says.

"The cameras that I selected are all popular mid-range cameras that you can find on Amazon [which] I chose because they all had a good rating and claim to be secure."

Gnesa says each camera has more than 1,500 largely positive customer reviews.

At least one is in use in retail stores.

He reckons his exploits could likely be made persistent to survive camera reboots with a little effort, since a shell would not be difficult to pop with the afforded admin access.

Users in possession of cameras with hard-coded credentials, everything-as-root policies, and backdoors may need to bin their units or demand updates to lock down their devices.

Others may be able to apply updates and should change default passwords and disable insecure protocols.

Home security kit has been compromised before. Canberra malware destroyer Silvio Cesare developed a $20 gadget in 2013 that popped home alarm units and various fixed-code radio frequency security systems.®

