Posted on August 1, 2017 at 12:10 PM
A massive security vulnerability has been found in 100,000 Internet-connected cameras that makes the accessible from the open web and used for various malicious operations like surveillance and hijacking other devices on the same network.
Even more Internet of Things devices have been found to contain a flaw that grants easy access to hackers – this time they are two cameras in Chinese manufacturer Shenzhen Neo Electronics’ NeoCoolCam range.
The flaws make it trivial for hackers to take control over the devices in question, said Researchers at Bitfender. Currently, 175,000 devices are connected to the internet and vulnerable. Shodan IoT device search engine managed to detect between 100,000 and 140,000 of them.
Because of how easy it is to find these devices online and how affordable they are (some of them costing under $39), NeoCoolCam devices are all over the world, not just limited to China anymore.
In a research paper, Bitdefender spoke of the bad quality of the firmware in the IoT devices and how when paired with the bug that is affecting the authentication mechanism and the massive amount of affected devices it is understandable just how big of a problem this can become.
The researchers studied two cameras, the NIP-22 and the iDoorbell model, and found that both of them contain various buffer overflow vulnerabilities. These flaws can be exploited for remote execution on the device – because the attacker doesn’t need to be logged in since even just the attempt at a login can provide access.
Bogdan Botezatu, the senior e-threat analyst at Bitdefender, said that the manipulation of the login and password fields can allow the attacker to make commands and trick the camera into executing them while it attempts to perform the authentication. Botezatu continued by saying that what makes it a big vulnerability is because it stops the user from logging in.
These vulnerabilities open a pass for the rest of the network and possible compromise of other devices found on it, according to the researchers. Because the attacker can execute code on the devices, it makes it possible for a hacker to use cameras to get into the internal network.
Two types of attack have been made on the cameras – one affected the web server on the cameras and another affected the Real Time Streaming Protocol Server.
The cause of the camera web server vulnerability can be found in the HTTP service that can be triggered by the way the application processes the username and password information at login.
Using the weakness they discovered to their advantage, the researchers managed to monitor the activity on the camera in question and even overwrite the password, which would mean that the camera was hacker’s now and he could easily use it for espionage purposes if they wanted to.
Researchers discovered a second vulnerability in the camera’s Rapid Spanning Tree Protocol (RSTP) server, in which a vulnerability around authorization was found which would allow access to the device.
As Bitdefender says, the vulnerabilities found on the two models are almost identical. Bitdefender says they contacted the company in May, and yet the company hasn’t responded.