Surveillance camera vulnerabilities

April 2018 Information Security

Kaspersky Lab researchers have discovered multiple security vulnerabilities in popular smart cameras that are frequently used as baby monitors, or for internal home and office security surveillance. According to the research, the uncovered flaws could allow attackers to obtain remote access to video and audio feeds from the cameras, remotely disable these devices, execute arbitrary malicious code on them and do many other things.

Modern smart cameras contain an advanced number of functions, providing users with various opportunities: people can use them as advanced baby monitors or for surveillance systems which spot intruders while no one is home or in the office. But, are these cameras secure enough by design and what if such a smart camera started watching you, instead of watching your home?

Previous analysis conducted by many other security researchers has shown that smart cameras in general tend to contain security vulnerabilities at different levels of severity. However, in their latest research, Kaspersky Lab experts uncovered something extraordinary: not just one, but a whole range of smart cameras was found to be vulnerable to a number of severe remote attacks. This was due to an insecurely designed cloud-backbone system that was initially created to enable the owners of these cameras to remotely access video from their devices.

By exploiting these vulnerabilities, malicious users could execute the following attacks:

• Access video and audio feeds from any camera connected to the vulnerable cloud service;

• Remotely gain root access to a camera and use it as an entry-point for further attacks on other devices on both local and external networks.

• Remotely upload and execute arbitrary malicious code on the cameras;

• Steal personal information such as users’ social network accounts and information which is used to send users notifications.

• Remotely ‘brick’ vulnerable cameras.

Following the discovery, Kaspersky Lab researchers contacted and reported the vulnerabilities to Hanwha Techwin, the manufacturer of the affected cameras. At the time of publication, some vulnerabilities had already been fixed, and the remaining vulnerabilities are set to be completely fixed soon, according to the manufacturer.

All these attacks were possible because experts found that the way the cameras interacted with the cloud service was insecure and open to relatively easy interference. They also found that the architecture of the cloud service itself was vulnerable to external interference.

It is important to note that such attacks were only possible if attackers knew the serial number of the camera. However, the way in which serial numbers are generated is relatively easy to find out through simple brute-force attacks: the camera registering system didn’t have brute force protection.

While doing their research, Kaspersky Lab experts were able to identify almost 2 000 vulnerable cameras working online, but these were only the cameras that had their own IP address, hence were directly available through the Internet. The real number of vulnerable devices placed behind routers and firewalls could actually be several times higher.

In addition, researchers found an undocumented functionality, which could be used by the manufacturer for final production test purposes. However, at the same time criminals could use this hidden avenue to send wrong signals to any camera or change a command already sent to it. Besides that, the feature itself was found to be vulnerable. It could be further exploited with a buffer overflow, potentially leading to the camera’s shutdown. The vendor has now fixed the issue and removed this feature.

“The problem with current IoT device security is that both customers and vendors mistakenly think that if you place the device inside your network, and separate it from the wider Internet with the help of a router, you will solve most security problems – or at least significantly decrease the severity of existing issues. In many cases this is correct: before exploiting security issues in devices inside of a targeted network, one would need to gain access to the router. However, our research shows that this may not actually be the case at all: given that the cameras we investigated were only able to talk with the external world via a cloud service, which was totally vulnerable,” said Vladimir Dashchenko, head of vulnerabilities research group at Kaspersky Lab ICS CERT.

“The interesting thing is that besides the previously-described attack vectors such as malware infections and botnets, we found that the cameras could also be used for mining. While mining is becoming one of the main security threats facing businesses, IoT mining is an emerging trend due to the growing prevalence of IoT devices, and will continue to increase,” he added.

In response to the discovery of the vulnerability, Hanwha Techwin stated: “The security of our customers is the highest priority for us. We have already fixed the camera’s vulnerabilities, including the Remote Upload and Execution of arbitrary malicious code. We have released updated firmware available to all our users. Some vulnerabilities related to the cloud have been recognised and will be fixed soon.”

To stay protected, Kaspersky Lab strongly advises users to do the following:

• Always change the default password. Use a complex one instead and do not forget to update it regularly.

• Pay close attention to security issues of connected devices before purchasing yet another smart device for homes or offices. Information on discovered and patched vulnerabilities is usually available online and is often easy to find.

Kaspersky Lab encourages manufacturers to enhance their cybersecurity and emphasises the importance of ensuring the proper understanding and assessment of threat risks, as well as the development of a secure-by-design environment. Our company actively collaborates with vendors and reports all discovered vulnerabilities.





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Highest increase in global cyberattacks in two years
Information Security News & Events
Check Point Global Research released new data on Q2 2024 cyber-attack trends, noting a 30% global increase in Q2 2024, with Africa experiencing the highest average weekly per organisation.

Read more...
Upgrade your PCs to improve security
Information Security Infrastructure
Truly secure technology today must be designed to detect and address unusual activity as it happens, wherever it happens, right down to the BIOS and silicon levels.

Read more...
Open source code can also be open risk
Information Security Infrastructure
Software development has changed significantly over the years, and today, open-source code increasingly forms the foundation of modern applications, with surveys indicating that 60 – 90% of the average application's code base consists of open-source components.

Read more...
DeepSneak deception
Information Security News & Events
Kaspersky Global Research & Analysis researchers have discovered a new malicious campaign which is distributing a Trojan through a fake DeepSeek-R1 Large Language Model (LLM) app for PCs.

Read more...
SA’s strained, loadshedding-prone grid faces cyberthreats
Power Management Information Security
South Africa’s energy sector, already battered by decades of underinvestment and loadshedding, faces another escalating crisis; a wave of cyberthreats that could turn disruptions into catastrophic failures. Attacks are already happening internationally.

Read more...
Almost 50% of companies choose to pay the ransom
News & Events Information Security
This year’s Sophos State of Ransomware 2025 report found that nearly 50% of companies paid the ransom to get their data back, the second-highest rate of ransom payment for ransom demands in six years.

Read more...
Survey highlights cost of cyberdamage to industrial companies
Kaspersky Information Security News & Events
The majority of industrial organisations estimate their financial losses caused by cyberattacks to be over $1 million, while almost one in four report losses exceeding $5 million, and for some, it surpasses $10 million.

Read more...
Digital economy needs an agile approach to cybersecurity
Information Security News & Events
South Africa is the most targeted country in Africa when it comes to infostealer and ransomware attacks. Being at the forefront of the continent’s digital transformation puts South Africa in the crosshairs for sophisticated cyberattacks

Read more...
SIEM rule threat coverage validation
Information Security News & Events
New AI-detection engineering assistant from Cymulate automates SIEM rule validation for SecOps and blue teams by streamlining threat detection engineering with automated testing, control integrations and enhanced detections.

Read more...
Cybersecurity a challenge in digitalising OT
Kaspersky Information Security Industrial (Industry)
According to a study by Kaspersky and VDC Research on securing operational technology environments, the primary risks are inadequate security measures, insufficient resources allocated to OT cybersecurity, challenges surrounding regulatory compliance, and the complexities of IT/OT integration.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.