Cameras with multiple brand names are wide open to remote hacking. Security cameras manufactured by China-based Foscam are vulnerable to remote take-over hacks that allow attackers to view video feeds, download stored files, and possibly compromise other devices connected to a local network.
That's according to a 12 page report released Wednesday by security firm F-Secure.
Researchers at F-Secure documented 18 vulnerabilities that the manufacturer has yet to fix despite being alerted to them several months ago. All of the flaws were confirmed in a camera marketed under the Opticam i5 HD brand. A smaller number of the vulnerabilities were also found in the Foscam C2. The report said the weaknesses are likely to exist in many other camera models Foscam manufactures and sells under other brand names.
With no security updates, F-Secure declined to release proof-of-concept exploits. Besides the Foscam and Opticom brands, F-Secure said it was aware of 14 other brands used to market Foscam-made devices. They include:
Chacon
Thomson
7links
Opticam
Netis
Turbox
Novodio
Ambientcam
Nexxt
Technaxx
Qcam
Ivue
Ebode
Sab
People who running one of these devices should strongly consider running them inside a dedicated local network that doesn't have access to other connected devices and can't be reached from the outside Internet. More generally speaking, all Internet of things users should be sure to change all default passwords and regularly check for security updates, although sadly, in this case, those precautions will provide little protection.
https://arstechnica.com/security/201...mote-controls/
That's according to a 12 page report released Wednesday by security firm F-Secure.
Researchers at F-Secure documented 18 vulnerabilities that the manufacturer has yet to fix despite being alerted to them several months ago. All of the flaws were confirmed in a camera marketed under the Opticam i5 HD brand. A smaller number of the vulnerabilities were also found in the Foscam C2. The report said the weaknesses are likely to exist in many other camera models Foscam manufactures and sells under other brand names.
With no security updates, F-Secure declined to release proof-of-concept exploits. Besides the Foscam and Opticom brands, F-Secure said it was aware of 14 other brands used to market Foscam-made devices. They include:
Chacon
Thomson
7links
Opticam
Netis
Turbox
Novodio
Ambientcam
Nexxt
Technaxx
Qcam
Ivue
Ebode
Sab
People who running one of these devices should strongly consider running them inside a dedicated local network that doesn't have access to other connected devices and can't be reached from the outside Internet. More generally speaking, all Internet of things users should be sure to change all default passwords and regularly check for security updates, although sadly, in this case, those precautions will provide little protection.
https://arstechnica.com/security/201...mote-controls/