Category : Administration Privileges , Applications , Baby Monitor , Business , Cameras , Cloud Services , Companies , Computer Bug , Computer Forensics , Cyber Security , Data , Devices , Digital Video Camera , Encryption , Firmware , Hack , Hackers , Hacking , Intelligent Cameras , Internet , IP Logs , Live Video Feed , Local Network , Log-In Information , Mobile Application , Network , Network Security , Password , Password Portection , portal , Remote , Remote Access , Script , Secure , Security , Security Cameras , Security Patches , Smartphone , Technology , Updates , username , Vulnerabilities , Web Interface , Web Server , Wireless , Wireless Security Protocols
Dear Blast Readers,
Is your home equipped with security cameras? Do you have cameras, such as a baby monitor, watching your children while you are in the other room? Have you ever wondered if someone else out there was watching?
When being installed, smart cameras seems to be a promising idea. Smart Cameras, also known as “Intelligent Cameras”, are vision systems that can extract specific information from images that have been captured. Smart cameras allow you, as the user, to stream live video feed straight to your smartphone. These types of cameras can be used as security cameras, allowing you to watch your home while working or out of town. They can also be used as baby monitors, allowing you to keep a close eye on your kids.
Sounds great, right? But, did you know that these smart cameras come with vulnerabilities? Vulnerabilities that allows someone other than yourself to watch your family?
It has been found that there are flaws in the camera’s technology. These flaws allow hackers to do a few things, such as:
- Gaining control of the camera.
- Being able to turn the camera on/off remotely.
- Changing your log-in information (locking you out).
- With the help from the internet, hackers can hack into the networked camera. (A networked camera is a digital video camera that can be used for surveillance. It can also send & receive data through the network and/or the internet.)
While the original security vulnerabilities have been patched up, that does not stop new vulnerabilities from surfacing. One of those vulnerabilities is a script that has been left untouched, and it has been discovered that the untouched script contains a bug.
What does this script do?
The script allows users, who do not have administration privileges, to gain access remotely. Due to this vulnerability, it was decided to disable the admin panel all together. By doing so, this only allows users to access the cameras one of two ways:
- Through the smartphone application.
- Through the cloud services.
Even though accessing the web interface through the local network is no long possible, it has been discovered that the web server still runs on the device.
Did you know that the disabled web management interface can be re-enabled?
By re-activating the web interface, this allows users to continue monitoring camera feed though the local network. But that is not the only thing that happens when this feature gets enabled. By re-enabling the web interface, it also re-activates the old vulnerable features that were weakened by being fully disabled.
How are you supposed to protect yourself and your devices?
To protect you, your family and devices, the following is suggested:
- Do not access your device through any portal that is not secure.
- Always change your log-in information (i.e. username & password).
- Keep your mobile application up-to-date (most companies tend to include security patches and updates inside the mobile application).
- Make sure to keep your devices firmware up-to-date.
- Check your IP logs (IP Logs will let you know if/when someone else is watching).
- Make sure your device supports: Encryption and the current wireless security protocols.
- Before using your device as a remote, make sure device is password protected.
If you have any questions relating to Hacking, Cyber Security, or Computer Forensics contact FDS Global. You can reach us at your office at (954) 727-1957 or by email at RMoody@FDS.Global. Please feel free to visit our website at www.FDS.Global.