Undoubtedly, smart cameras have many advantages: people can use them as baby monitors or surveillance systems that detect intruders when there is no one at home or at the office. But are these devices permanently connected to the Internet really safe?
Kaspersky Lab researchers have discovered multiple security vulnerabilities in a well-known brand of smart cameras, commonly used as baby monitors or for monitoring homes and offices. According to the investigation, a number of these vulnerabilities could be exploited by hackers to gain remote access to a camera's video or audio streams. For example, in an unfortunate scenario, the video stream used by parents to monitor their own child could be posted in real time on sites frequented by pedophiles.
The source of the problems lies in the security of the cloud structure originally created to allow camera owners to remotely access video from their devices.
Using these vulnerabilities, malicious users might perform the following attacks:
- Access video and audio streams from any camera connected to the vulnerable cloud service
- Remote access to a camera and its use as an entry point for further attacks on other devices on local and external networks
- Remote upload and execution of malicious code on cameras
- Theft of personal information such as users' social networking accounts and other information used to send notifications
- Remote "bricking" of vulnerable cameras
During the research, Kaspersky Lab's experts were able to identify nearly 2,000 vulnerable cameras available online, but these were only the cameras that had their own IP address and were therefore reachable directly via the Internet. The actual number of vulnerable devices behind routers and firewalls could be several times higher.
In order to remain protected, Kaspersky Lab recommends that users take the following measures:
- Always change the factory password. Please use a complex password and do not forget to update it at regular intervals.
- Pay attention to the security issues of connected devices before you buy another such item for your home or office. Information about discovered and resolved vulnerabilities is usually available online and is therefore easy to find.
After the discovery, Kaspersky Lab researchers contacted the manufacturer of the affected cameras, Hanwha Techwin. At the time the research was published, some vulnerabilities had already been resolved, and the rest will soon be resolved, according to the company, whose products are also available to European consumers.