Hackers can remotely control smart cameras due to cloud architecture flaw. — VNS Photo |
HCM CITY — Kaspersky Lab researchers have discovered multiple security vulnerabilities in popular smart cameras that are frequently used as baby monitors or for home and office security surveillance.
They said these flaws could allow attackers to obtain remote access to video and audio feeds from the cameras, remotely disable the devices, execute malicious codes on them and do many other things.
Earlier analysis by many other security researchers had found that smart cameras in general tended to contain security vulnerabilities of various levels of severity.
However, the Kaspersky Lab experts uncovered something extraordinary in their latest research: that not just one, but a whole range of smart cameras are vulnerable to a number of severe remote attacks.
This is due to an insecurely designed cloud-backbone system created initially to enable the owners of these cameras to remotely access video from their devices.
By exploiting these vulnerabilities, hackers can execute attacks such as accessing video and audio feeds from any camera connected to the vulnerable cloud service; remotely gain root access to a camera and use it as an entry point for further attacks on other devices on both local and external networks; remotely upload and execute arbitrary malicious code on the cameras; steal personal information such as users’ social network accounts and information which is used to send users notifications and remotely “brick” vulnerable cameras.
Following the discovery, Kaspersky Lab researchers contacted and reported the vulnerabilities to camera manufacturer. At the time of publication, some vulnerabilities had already been fixed, and the remaining vulnerabilities are set to be completely fixed soon.
To stay protected, Kaspersky Lab strongly advises users to always change the default password, use a complex one instead, do not forget to change it regularly, and pay close attention to security issues on connected devices before buying a smart device. — VNS