Apparently security cameras are even less secure than we thought. Eighteen popular brands of cameras have been found to have serious flaws in their own security, leaving at least 58,000 unsecured, open-to-basically-anyone security cams out there.
Security firm Rapid7 discovered how the widespread flaw is after reading a blog post by someLuser, detailing the failings of one company, Swann. In short, the flaw allows anyone connected to a specific port full access to the DVR functions of the cameras. Rapid7 applied the same code used on Swann to other major camera companies, and turned up this list of vulnerable manufacturers:
Swann, Lorex, URMET, KGuard, Defender, DSP Cop, SVAT, Zmodo, BCS, Bolide, EyeForce, Atlantis, Protectron, Greatek, Soyo, Hi-View, Cosmos, and J2000
The flaws have only been tested through a scan of their code, not actual spying, but Rapid7 is confident it would work on all listed companies’ cameras. Anyone with a system made by one of those companies would have to wait for a firmware update to come out addressing the flaw.
We’ve known about unsecured net-connected gear—security cameras in particular—for a while. Last summer it came out that three of the most popular brands were vulnerable to a similar attack, and there’s even a map to look in on a bunch of unsecured feeds. Not to mention the almost 90,000 unsecured printers around the world, which could just start spitting out just about anything at any given moment. So this is concerning—deeply so—but only one more step down a path we were already walking. [Forbes]
Image by Tischenko Irina/Shutterstock