-Advertisement-
Image from Iconfinder
Researchers have established that many popular smart cameras have inbuilt vulnerabilities which can leave them vulnerable to hackers. The latter can then compromise other parts of the network the device is connected to.
Kaspersky team of researchers said in a blog post that hackers can use the administrator’s password, execute arbitrary code on the camera, gain access to an entire Cloud of cameras and take control of it, or build a botnet of vulnerable cameras. An attacker can gain access to an arbitrary SmartCam as well as to any Hanwha smart cameras.
An initial analysis using publicly available sources showed that there are almost 2,000 of these cameras on the Internet with public IP addresses, the security experts revealed.
The team looked at the Hanwha SNH-V6410PN/PNW smart camera. This device is capable of capturing video with resolutions of 1920×1080, 1280×720 or 640×360, it has night vision capability and a motion sensor, and supports two-way communication, i.e. apart from capturing video and sound it can also produce sound using an in-built speaker.
The camera works via a Cloud-based service; in other words, it doesn’t connect directly to a device such as a computer. It is configured by creating a wireless hotspot on the camera and connecting it to the main router via Wi Fi. Users can control the camera from their smartphones, Tablets or computers. It should be noted that the camera’s data can only be uploaded to the Cloud; there is no other way of communicating between the user and the camera.
So what are the implications for a regular user?
A remote attacker can gain access to any camera and watch what’s happening, send voice messages to the camera’s on-board speaker, use the camera’s resources for cryptocurrency mining, etc. A remote attacker can also put a camera out of service so it can no longer be restored, the team added.