
IP Security Cameras Vulnerable to Hostile Takeovers

June 8th, 2017 | Ali Raza | Security, Technology News

According to a report from the security company F-Secure, security cameras made by Foscam, a company from China, have some notable flaws. They are extremely vulnerable to hacking attacks: a successful attack might allow the hacker to see video feeds, compromise other devices, download existing files and more.

The researchers documented up to 18 different vulnerabilities, the first of which were reported several months ago. However, the company has yet to fix any of them. The brand that has all of these flaws is called Opticam i5 HD, while some flaws were found on the model marked Foscam C2. According to the report [PDF], it’s possible that other models developed by the same manufacturer carry similar flaws.


The research claims that the number of flaws offers any attacker many ways of compromising the device. The flaws include insecure default credentials as well as hard-coded credentials; in both cases, a potential hacker can easily gain access to the devices. Other flaws can be used for remote command injection.

The report also says that attackers can modify the code of these devices or gain root privileges through world-writable files. It’s also possible for an attacker to use Telnet to find even more flaws in the device or its surrounding network. Also, the firewall protecting the devices doesn’t act like one.

“The sheer number of vulnerabilities offers an attacker multiple alternatives in compromising the device. Among the discovered vulnerabilities are insecure default credentials and hard-coded credentials, both of which make it trivial for an attacker to gain unauthorized access. Other vulnerabilities allow for remote command injection by an attacker. World-writeable files and directories allow an attacker to modify the code and to gain root privileges. Hidden Telnet functionality allows an attacker to use Telnet to discover additional vulnerabilities in the device and within the surrounding network. In addition, the device’s “firewall” doesn’t behave as a firewall, and it also discloses information about the validity of credentials.”

All in all, these vulnerabilities leave a lot of possibilities open to capable hackers, including the chance to enlist the devices in a botnet and launch DDoS attacks. Accessing private videos, or using the devices as a bridge to infect other devices on the same network, can also be expected. It’s even possible to replace the camera’s regular firmware with a malicious one without being detected.


The report also mentioned that both models have the same built-in File Transfer Protocol (FTP) server. It has an account with an empty password that the regular user can’t change. The devices also have a hidden Telnet function that lets hackers extend what they can do on the device, and the scripts that run whenever the device starts have incorrect permissions.

Attackers can chain these three flaws to get persistent remote access to the devices. The report says that the empty password can be used for logging in, which leads to activation of the Telnet functionality. The hackers can then get to the world-writable file and use it to control which programs run on boot. Even if the device is rebooted, the attacker will still have access.
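A defender-side check for the boot-script weakness described above, added here as an example and not taken from the F-Secure report or the original article: it walks an extracted firmware root filesystem, follows the paths referenced from the boot scripts, and reports every boot-time file that any user could modify or replace. The entry-point paths and the sample tree are assumptions constructed for illustration.

```python
import os
import re
import stat
import tempfile

BOOT_ENTRY_POINTS = ["/etc/inittab", "/etc/init.d/rcS"]  # assumed; adjust per firmware
ABS_PATH = re.compile(r"/[\w.\-/]+")

def world_writable(path):  # 'other' write bit set; symlinks are not followed
    return bool(os.lstat(path).st_mode & stat.S_IWOTH)

def audit_boot_chain(rootfs):
    """Follow absolute paths referenced from the boot scripts and report each
    boot-time file that is world-writable or sits in a world-writable directory."""
    findings, seen, queue = [], set(), list(BOOT_ENTRY_POINTS)
    while queue:
        ref = os.path.normpath("/" + queue.pop().lstrip("/"))  # '..' stays inside rootfs
        full = os.path.join(rootfs, ref.lstrip("/"))
        if ref in seen or os.path.islink(full) or not os.path.isfile(full):
            continue
        seen.add(ref)
        if world_writable(full):
            findings.append((ref, "world-writable file"))
        elif world_writable(os.path.dirname(full)):
            findings.append((ref, "in world-writable directory"))
        with open(full, encoding="utf-8", errors="ignore") as fh:
            queue.extend(ABS_PATH.findall(fh.read()))  # over-approximates on purpose
    return sorted(findings)

def build_sample_rootfs():
    """Constructed sample tree; every path and mode here is made up."""
    root = tempfile.mkdtemp(prefix="rootfs-")
    files = {  # path: (file mode, directory mode, content)
        "etc/init.d/rcS": (0o755, 0o755, "#!/bin/sh\n/mnt/mtd/boot.sh &\n/usr/local/start.sh\n/bin/ok.sh\n"),
        "mnt/mtd/boot.sh": (0o777, 0o755, "#!/bin/sh\n"),
        "usr/local/start.sh": (0o755, 0o777, "#!/bin/sh\n"),
        "bin/ok.sh": (0o755, 0o755, "#!/bin/sh\n"),
    }
    for rel, (fmode, dmode, body) in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)
        os.chmod(path, fmode)
        os.chmod(os.path.dirname(path), dmode)
    return root

if __name__ == "__main__":
    print(audit_boot_chain(build_sample_rootfs()))
```

Any finding means an unprivileged account on the device can change what runs as root at the next boot, which is the persistence path the report describes.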

Researchers said that the company was alerted to these vulnerabilities a few months ago. Still, it would seem that none of them have been fixed. There were no security updates, and F-Secure has refused to release the proof of the exploits. They also said that they’d found such flaws in 14 different brands, besides Opticam and Foscam.

Those are Sab, Chacon, Ivue, 7links, Ebode, Thomson, Qcam, Opticam, Nexxt, Netis, Technaxx, Turbox, Ambientcam, and Novodio.

F-Secure suggests that, for now, running any of these devices is dangerous. Users are advised to run them only inside a dedicated local network and not to give them access to other devices. IoT users should change their default passwords and check for updates on a regular basis.

Ali Raza

Ali Raza is a freelance journalist with extensive experience in marketing and management. He holds a master's degree and actively writes about cybersecurity, cryptocurrencies, and technology in general. Raza is also the co-founder of SpyAdvice.com, a site dedicated to educating people on online privacy and spying.

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.