Samsung IP Camera
Webcams and other Internet-connected camera systems have made headlines over the past few years, as developers have not provided enough protection against attacks. As Kaspersky reports, it has discovered serious gaps in the IP camera SNH-V6410PN / PNW. It is a widespread model that is distributed in Europe by Samsung. According to the security researchers, the analysis suggests that the problem affects all devices connected to the manufacturer’s cloud service.
According to Kaspersky, the described attack on the cameras requires the attackers to know the serial numbers of devices – a targeted attack on individual models would mean a higher level of research effort. However, such serial numbers are very easy to get, the experts say. In a first sample, around 2000 cameras worldwide that could be controlled via the gap were identified on the network.
If such a camera is identified by an attacker, the latter can access video and sound in real time or even play sounds via the built-in speaker. In addition, it is possible to completely disable or even permanently destroy the devices. Since attackers can insert their own code at will, integration into an IoT botnet is also possible. The Korean manufacturer Hanwha Techwin (a former Samsung subsidiary) responded promptly to Kaspersky’s advice and stated that “in the near future” it will close all gaps in its cameras.
Specifically, the problem is apparently due to an insecure connection of the cameras to the cloud service of the manufacturer. The Linux-based ARM devices are connected by the user to the wireless router via an app and can then be managed and controlled via the cloud. As explained in the report, the manufacturer uses a Jabber server on which chat rooms are set up for each camera type. Cameras with an online connection are logged in to the corresponding chat room and wait for commands. The problem: the Kaspersky researchers were able to create arbitrary new users on the server and thus gain access to third-party cameras.
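For operators of a similar Jabber (XMPP) device-control service, the two weaknesses described above can be checked from the server's own responses. The following is an added example, not code from the Kaspersky report or the vendor. It assumes account creation happens through XEP-0077 in-band registration and that the rooms are XEP-0045 multi-user chats, neither of which the article confirms, and the XML samples and room address are constructed.

```python
import xml.etree.ElementTree as ET

NS_IBR = "http://jabber.org/features/iq-register"   # XEP-0077 stream feature
NS_DISCO = "http://jabber.org/protocol/disco#info"  # XEP-0030 service discovery

# Constructed sample: features a server offers before the client authenticates.
SAMPLE_FEATURES = """<stream:features xmlns:stream="http://etherx.jabber.org/streams">
  <starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"/>
  <mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>PLAIN</mechanism></mechanisms>
  <register xmlns="http://jabber.org/features/iq-register"/>
</stream:features>"""

# Constructed sample: disco#info reply for a hypothetical per-model camera room.
SAMPLE_ROOM = """<iq type="result" from="model-a@rooms.example.invalid">
  <query xmlns="http://jabber.org/protocol/disco#info">
    <feature var="http://jabber.org/protocol/muc"/>
    <feature var="muc_open"/>
    <feature var="muc_unsecured"/>
    <feature var="muc_unmoderated"/>
  </query>
</iq>"""

def audit_stream_features(xml_text):
    """Flag a server that lets unauthenticated clients create accounts."""
    root = ET.fromstring(xml_text)
    findings = []
    if root.find(f"{{{NS_IBR}}}register") is not None:
        findings.append("in-band registration advertised to unauthenticated clients")
    return findings

def audit_room(xml_text):
    """Flag a device room that any account on the server can join and post to."""
    root = ET.fromstring(xml_text)
    query = root.find(f"{{{NS_DISCO}}}query")
    feats = set()
    if query is not None:
        feats = {f.get("var") for f in query.findall(f"{{{NS_DISCO}}}feature")}
    findings = []
    if "muc_membersonly" not in feats:
        findings.append("room is not members-only")
    if "muc_passwordprotected" not in feats:
        findings.append("room has no password")
    if "muc_moderated" not in feats:
        findings.append("room is unmoderated: any occupant can send messages")
    return findings

if __name__ == "__main__":
    for finding in audit_stream_features(SAMPLE_FEATURES) + audit_room(SAMPLE_ROOM):
        print("FINDING:", finding)
```

Even with both checks clean, a device should still verify who sent a command before acting on it, since room membership alone is not authentication.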