Security cameras and other IoT devices have frequently been found to be poorly secured and plagued with a variety of built-in flaws that leave them vulnerable to exploitation by hackers. A team of security researchers from Pen Test Partners has now shown this yet again. Researchers Andrew Tierney, Chris Wade, and Ken Munro took part in the research along with Alan Woodward, Scott Helme, and Vangelis Stykas.
According to their findings, many smart security cameras contain a major security flaw that allows cybercriminals to gain access to their live feed. They tested one of the smart security cameras manufactured by Swann and found that the device could not tell whether someone was authorized to view the live feed. Hence, anyone can listen to and view live footage from the Swann camera.
The tested device, the researchers explain, is a battery-powered, internet-connected HD camera that streams live footage either through a cloud service or over the local network, which is supported by the New York-based OzVision. The research was conducted after the BBC reported that users could gain access to someone else's live video stream.
Tierney, one of the research team members, writes that viewing a live stream without authorization is not very complex, as it only requires switching the video from one camera to another through the cloud service. A cybercriminal who identifies the flaw could easily obtain sensitive video feeds and customer information. The researchers used a camera they owned for the research to avoid legal trouble.
The flaw is exploitable because Swann's cameras have a hard-coded serial number that is used to communicate with the cloud service; this serial number can be replaced with another one to gain access to that camera's live stream. This is done with proxy software, which is used to alter the network traffic. It was concluded that every Swann camera serial number could be enumerated within three days.
“The serial is of the form swn then 9 hex chars [swnxxxxxxxxx]. That’s a big keyspace, but not THAT big. Vangelis took a look at the API and realized that it allowed enumeration. We believe the keyspace could be fully enumerated in as little as 3 days, given a distributed set of concurrent requests to the API,” said researchers.
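The root cause described above is a missing ownership check: the cloud service treats a camera serial as if it were a credential. The following is an added example, not code from Swann, OzVision or Pen Test Partners. It models the flawed check beside a hardened one and adds a simple log check for enumeration; the function names, the owner table and the request log are all constructed for illustration.

```python
import re
from collections import defaultdict

# Serial format as quoted in the article: "swn" followed by 9 hex characters.
SERIAL_RE = re.compile(r"^swn[0-9a-f]{9}$")

# Constructed sample data: camera serial -> account that registered it.
OWNERS = {"swn0000000a1": "alice", "swn0000000b2": "bob"}

def stream_allowed_vulnerable(account, serial):
    """Simplified model of the flaw: any known serial is served,
    regardless of which authenticated account is asking."""
    return serial in OWNERS

def stream_allowed(account, serial):
    """Hardened check: the serial must be well formed AND registered
    to the authenticated account making the request."""
    if not SERIAL_RE.match(serial):
        return False
    return OWNERS.get(serial) == account

def flag_enumeration(requests, max_foreign=3):
    """Return accounts that requested more than max_foreign distinct
    serials they do not own (a sign of serial enumeration)."""
    foreign = defaultdict(set)
    for account, serial in requests:
        if OWNERS.get(serial) != account:
            foreign[account].add(serial)
    return sorted(a for a, seen in foreign.items() if len(seen) > max_foreign)

# Constructed request log: (authenticated account, serial requested).
SAMPLE_REQUESTS = (
    [("alice", "swn0000000a1"), ("bob", "swn0000000b2"), ("bob", "swn0000000a1")]
    + [("mallory", f"swn{n:09x}") for n in range(160, 170)]
)

if __name__ == "__main__":
    print("vulnerable check, bob -> alice's camera:",
          stream_allowed_vulnerable("bob", "swn0000000a1"))
    print("hardened check,   bob -> alice's camera:",
          stream_allowed("bob", "swn0000000a1"))
    print("accounts flagged for enumeration:", flag_enumeration(SAMPLE_REQUESTS))
```

The ownership check is the actual fix; the enumeration flag is a detection aid that belongs alongside per-account rate limiting, since a 9-hex-character identifier is not large enough to act as a secret.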
Swann states that the flaw is present in the SWWHD-Intcam and not in all models of its security cameras. Swann has now fixed the flaw in its new firmware version, so the company has done its part, but it is OzVision that is on the receiving end of strong criticism.
It is argued that the company offers its cloud service to around three million smart cameras and that users rely on its app to connect to their IoT devices, so if anyone can gain access to a live stream, then all of these smart cameras are at risk. These include the Flir FX smart camera and other brands apart from Swann. The problem lies in the tunnel protocol that is responsible for verifying whether a particular viewer is authorized to access the live stream.
The same flaw was discovered in October last year by Depth Security, and OzVision had not resolved the issue until now. There has been no response from either Swann or OzVision regarding the issue, but the BBC reports that the latter would be resolving the security flaws within a few days.