IoT Home Security Camera Allows Hackers to Listen In Over HTTP (Jul 31, 2019)
Researchers at Tenable have identified a vulnerability in the Amcrest IP2M-841B camera, a camera used for home security. The vulnerability, assigned “CVE-2019-3948,” can allow for unauthenticated remote listening to the camera’s feed. Using a script, a threat actor can extract the audio from the camera feed. The camera, currently for sale on Amazon, has around 12,000 customer reviews and can be used with a smartphone, with the footage being sent to the cloud.
Recommendation: The security update should be applied as soon as possible due to the potential for this vulnerability to be exploited.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.