Resource Center

This Serious Flaw Leaves Security Cameras Open To Hackers

Alex Flitton
Jun 26, 2018 8:05:00 AM

What was once a captivating element in the Mr. Robot TV series is now an all-too-common reality. For those who aren’t familiar with the show, in one episode, a lead character takes control of a wealthy woman’s home by hacking into the smart devices, causing them to wreak havoc until she was forced to leave. What the unsuspecting woman did not know was the hackers needed her to leave so they could use her home as a makeshift basecamp.

Fixing Firmware Vulnerabilities

Even in the real world, IoT Devices have fatal vulnerabilities that–unless discovered and repaired–can leave consumers open to attack. That is exactly what VDOO, a security research firm, discovered in a recent investigation.

According to ZDNet: “Researchers at VDOO discover vulnerabilities which, if left unpatched, could allow attackers to take control of the devices or rope cameras into botnets.”

They continue to report, “In total, seven vulnerabilities in the cameras were discovered and researchers have detailed how three of them could be chained together in order to provide remote access to the cameras and execute remote shell commands with root privileges.”

For those unfamiliar with tech speak, hackers can pretty much access the spaceship, fly it where they want and make it so no one else can get in. That’s a big deal.

A New Power Differential

Hackers who take control of a device can do with it as they please; as far as the device is capable. For example, when they gain control over a camera, they can access its video stream, freeze the image, alter the camera’s software and even control where the camera is pointed.

Hackers can do the following with cameras they take control of: 

  • Gain access to the video stream
  • Freeze the image
  • Move the lens
  • Turn the motion detection feature on and off
  • Add the camera to a botnet
  • Alter the camera’s software
  • Use the camera as an infiltration point into a network
  • Make the camera unuseable
  • Use the camera to perform nefarious tasks (DDoS attacks, Bitcoin mining and others

Of course, the Axis cameras noted in the study above are not the only ones that have been discovered to have vulnerabilities. Foscam, a notable camera manufacturer, was also found to have flaws in its security. What is most disturbing, is many of the cameras discovered to have flaws are used to monitor office spaces and baby nurseries.

What Can You Do?

As a security dealer, it is your responsibility to remain aware of these vulnerabilities as they become known. As you learn about them, you must communicate with your customers to provide instructions on how they can combat threats. These issues can most often be resolved after a firmware update or by making changes to device settings.

There is often a communication window in which dealers have to inform their customers before they make public news releases. Once the public news releases are made, anyone can know exactly what the flaws are and use them to exploit unsuspecting people.

Take advantage of our robust library of industry and AG related news, articles, webinars and other resources available through our resource center to enhance your success.  You will also discover valuable insights and content you can share with your subscribers through your website, newsletters, and emails.

Receive more useful content like this by signing up for our weekly AG Newsletter below: