Researchers from Kaspersky Lab ICS CERT discovered a wide range of severe security vulnerabilities which could turn a popular smart camera into a surveillance tool for someone else. This specific model of camera is pimped as doubling as a baby monitor in addition to being used for “general security purposes” in homes and offices. Yet the 13 critical flaws could allow attackers to remotely take control of the cameras – access video and audio feeds, remotely “brick” the devices, use the cameras for mining cryptocurrencies, use them as an entry-point to launch attacks on local and external networks, and much more.

The vulnerabilities were in HanWha Techwin’s SNH-V6410PN/PNW security cameras; while you may not have heard of Hanwha Techwin, you have definitely heard of Samsung. Kaspersky explained, “These problems exist not only in the camera being researched but all manufacturer’s smart cameras manufactured by Hanwha Techwin. The latter also makes firmware for Samsung cameras.”

To clarify, Kaspersky told me that before 2018, Hanwha was using Samsung as a brand name; the cameras were part of Samsung’s SmartCam line of products. Hanwha is now separate company.

The camera, which has night vision and a motion sensor, can capture video, supports two-way communication and has a built-in speaker. It works with a cloud-based service and can be controlled via smartphones, tablets or computers. Kaspersky Lab identified multiple vulnerabilities in the affected camera’s firmware and cloud implementation. In fact, the architecture of the cloud service was even vulnerable.

Source link



Please enter your comment!
Please enter your name here