HackRead
  • April 20th, 2021

Flaw in Swann smart security cameras allows access to user’s live stream

July 28th, 2018 | By Waqas | Security, Privacy

Security cameras and other IoT devices have frequently been found to be poorly secured and plagued with a variety of built-in flaws that leave them vulnerable to exploitation by hackers. A team of security researchers from Pen Test Partners has demonstrated this yet again. Researchers Andrew Tierney, Chris Wade, and Ken Munro took part in the research along with Alan Woodward, Scott Helme, and Vangelis Stykas.

According to their findings, many smart security cameras contain a major security flaw that allows cybercriminals to gain access to their live feed. They tested one of the smart security cameras manufactured by Swann and found that the device could not tell whether someone was authorized to view the live feed. Hence, anyone can listen to and view live footage from the Swann camera.


The tested device, the researchers explain, is a battery-powered, internet-connected HD camera that streams live footage either over the local network or through a cloud service supported by the New York-based OzVision. The research was conducted after the BBC reported that users could gain access to someone’s live video stream.


Tierney, one of the research team members, writes that viewing a live stream without authorization is not complex: it only requires switching the video from one camera to another through the cloud service. A cybercriminal who identified the flaw could easily obtain sensitive video feeds and customer information. To avoid legal trouble, the researchers used a camera they owned for the research.

The flaw is exploitable because Swann’s cameras have a hard-coded serial number that allows communication with the cloud service; replacing this serial number with another one gives access to that camera’s live stream. The substitution is done with proxy software, which allows the network traffic to be changed. The researchers concluded that every Swann camera serial number could be enumerated within three days.

“The serial is of the form swn then 9 hex chars [swnxxxxxxxxx]. That’s a big keyspace, but not THAT big. Vangelis took a look at the API and realized that it allowed enumeration. We believe the keyspace could be fully enumerated in as little as 3 days, given a distributed set of concurrent requests to the API,” said researchers.
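The flaw described above is a missing ownership check: the service streams whichever serial the client names. The following Python is an added example, not Swann's or OzVision's code; it contrasts that pattern with a server-side ownership check and a simple enumeration detector. The account names, ownership table and denial threshold are constructed, and lowercase hex in the serial is an assumption.

```python
# Added example: all names and data are constructed for illustration.
import re
from collections import defaultdict

SERIAL_RE = re.compile(r"swn[0-9a-f]{9}")  # format quoted in the article (case assumed)
KEYSPACE = 16 ** 9                         # 68,719,476,736 possible serials

# Constructed ownership table: serial -> account that paired the camera.
OWNERS = {"swn0000000a1": "alice", "swn0000000b2": "bob"}


def vulnerable_authorize(account, serial):
    """Flawed pattern: any serial that exists is served, whoever asks."""
    return serial in OWNERS


def hardened_authorize(account, serial):
    """Serve the stream only if the authenticated account owns the serial."""
    if not SERIAL_RE.fullmatch(serial):
        return False
    return OWNERS.get(serial) == account


class EnumerationDetector:
    """Flag an account that keeps asking for serials it does not own."""

    def __init__(self, max_denied=3):
        self.max_denied = max_denied
        self.denied = defaultdict(set)  # account -> distinct denied serials

    def request(self, account, serial):
        if hardened_authorize(account, serial):
            return "allow"
        self.denied[account].add(serial)
        if len(self.denied[account]) > self.max_denied:
            return "block"  # lock out and alert: pattern looks like enumeration
        return "deny"


def required_rate(days=3):
    """Requests per second needed to cover the whole keyspace in `days`."""
    return KEYSPACE / (days * 86400)
```

Covering the keyspace in three days takes roughly 265,000 requests per second, so even a modest per-account or per-source limit on denied serial lookups removes the enumeration path, while the ownership check removes the impact of a guessed serial.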

Swann states that the flaw is present in the SWWHD-Intcam and not in all models of its security cameras. Swann has now fixed the flaw in a new firmware version, so the company has done its part, but it is OzVision that is at the receiving end of strong criticism.

Can @swannsecurity please tell me why both our smart devices can reliably access the CCTV cameras from a pub. Moreover, who's viewing our cameras? Anyone recognise the pub? pic.twitter.com/LSfUIfF1FE

— The Obscure Brewer (@Battwave) May 30, 2018

It is argued that the company offers its cloud service to around three million smart cameras, and users rely upon its app to connect to their IoT devices; if anyone can gain access to a live stream, then all of these smart cameras are at risk. These include the Flir FX smart camera and other brands apart from Swann. The problem lies in the tunnel protocol, which is responsible for verifying whether a particular viewer is authorized to access the live stream.


The same flaw was discovered in October last year by Depth Security, and OzVision didn’t resolve the issue until now. There hasn’t been any response from either Swann or OzVision regarding the issue, but the BBC reports that the latter would be resolving the security flaws within a few days.
