Choosing the right security camera is easy when you are part of the Security Management Services – SMS, LLC family. We partner with industry leading camera manufactures to provide our customers the best in quality, security and value. Read below to see why getting our professional input on new camera installations can save you a big headache down the road.
The flaws allow for a wide range of hacks, including using the Internet-connected cameras to participate with other infected devices in distributed denial-of-service attacks, accessing private videos, and compromising other devices connected to the same local network. The vulnerabilities are compounded by the ability to permanently replace the normal firmware controlling the camera with malicious firmware that can survive restarts without being detected.
One example of three vulnerabilities disclosed in the report: both camera models have (1) a built-in file transfer protocol server that contains a hard-coded account password (an empty password, by the way) that can’t be changed by the user, (2) a hidden and undocumented telnet function that allows attackers to expand the device capabilities, and (3) incorrect permissions assigned to programming scripts that run each time the device starts.
Hackers could exploit all three of these flaws in a way “to allow the attacker persistent remote access to the device,” the report explained. “The empty password on the FTP user account can be used to log in. The hidden Telnet functionality can then be activated. After this, the attacker can access the world-writable (non-restricted) file that controls which programs run on boot, and the attacker may add his own to the list. This allows the attacker persistent access, even if the device is rebooted. In fact, the attack requires the device to be rebooted, but there is a way to force a reboot as well.”