Somebody's watching! When cameras are more than just 'smart' (Mar 12, 2018)
Multiple vulnerabilities were found in a popular brand of smart camera, according to Kaspersky Lab ICS CERT researchers. The "Hanwha SmartCam" is a camera that captures video, has a motion sensor, night vision, and communicates with a cloud based service. The vulnerabilities found include: use of HTTP for firmware updates, feature of remote execution of commands with root privileges, authentication bypass, and restoration of camera password for the cloud account. The implications can lead to situations such as an actor taking control of any camera connected to the cloud and watch what is happening or using the camera for cryptocurrency mining.
Recommendation: The researchers have contacted Hanwha about the vulnerabilities. At the time of writing, 10 of the vulnerabilities have been patched. About 2000 cameras have been found on the internet with a public IP address. It is recommended that IoT devices are placed behind a firewall or network address translation and placed within a Virtual Local Area Network (VLAN).
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.