New research has thrown up a worrying scenario – hundreds of brands of security cameras, baby monitors, and “smart” doorbells have serious vulnerabilities that allow hackers to hijack devices and spy on their owners.
Paul Marrapese, an OSCP-certified security engineer from the Bay Area, California, USA, who was part of the independent research has posted that affected devices use “peer-to-peer” features (also known as “P2P”) that allow users to connect to their devices the moment they come Online. Hackers are able to exploit flaws in these features to rapidly find vulnerable cameras, then launch attacks to access them – all without the owner’s knowledge.
Over 2 million vulnerable devices have been identified on the Internet, including those distributed by HiChip, TENVIS, SV3C, VStarcam, Wanscam, NEO Coolcam, Sricam, Eye Sight, and HVCAM. Affected devices use a component called iLnkP2P. Unfortunately, iLnkP2P is used by hundreds of other brands as well, making identification of vulnerable devices difficult, said Paul.
iLnkP2p is bundled with millions of Internet of Things (IoT) devices.
What is P2P? What is iLnkP2P?
P2P is a feature included in many devices that allows them to be accessed without any manual configuration. By using a special serial number known as a UID, users may instantly connect to their device from their phone or computer. A main selling point of P2P devices is that they do not require port forwarding or dynamic DNS in order to be accessed, and are capable of overcoming NAT and firewall scenarios automatically.
iLnkP2P is one of several P2P solutions utilized by device manufacturers. It was developed by Shenzhen Yunni Technology Company, Inc.
For more on this click here.
Image Credit: hacked.camera