Wireless IP cameras open to hijacking over the Internet, researchers say
Wireless IP cameras from Foscam and other vendors have serious security issues, researchers said at Hack in the Box
IDG News Service - Thousands of wireless IP cameras connected to the Internet have serious security weaknesses that allow attackers to hijack them and alter their firmware, according to two researchers from security firm Qualys.
The cameras are sold under the Foscam brand in the U.S., but the same devices can be found in Europe and elsewhere with different branding, said Qualys researchers Sergey Shekyan and Artem Harutyunyan, who analyzed the security of the devices and are scheduled to present their findings at the Hack in the Box security conference in Amsterdam on Thursday.
Tutorials provided by the camera vendor contain instructions on how to make the devices accessible from the Internet by setting up port-forwarding rules in routers. Because of this, many such devices are exposed to the Internet and can be attacked remotely, the researchers said.
Finding the cameras is easy and can be done in several ways. One method involves using the Shodan search engine to search for an HTTP header specific to the Web-based user interfaces of the cameras. Such a query will return more than 100,000 devices, the researchers said.
The vendors selling these cameras also have them configured to use their own dynamic DNS services. For example, Foscam cameras get assigned a hostname of the type [two letters and four digits].myfoscam.org. By scanning the entire *.myfoscam.org name space an attacker could identify most Foscam cameras connected to the Internet, the researchers said.
Around two out of every 10 cameras allow users to log in with the default "admin" user name and no password, the researchers said. For the rest that do have user-configured passwords, there are other ways to break in.
One method is to exploit a recently discovered vulnerability in the camera's Web interface that allows remote attackers to obtain a snapshot of the device's memory.
This memory dump will contain the administrator user name and password in clear text along with other sensitive information like Wi-Fi credentials or details about devices on the local network, the researchers said.
Even though the vendor has patched this vulnerability in the latest firmware, 99% of Foscam cameras on the Internet are still running older firmware versions and are vulnerable, they said. There is also a way to exploit this vulnerability even with the latest firmware installed if you have operator-level credentials for the camera.
Another method is to exploit a cross-site request forgery (CSRF) flaw in the interface by tricking the camera administrator to open a specifically crafted link. This can be used to add a secondary administrator account to the camera.
A third method is to perform a brute-force attack in order to guess the password, because the camera has no protection against this and the passwords are limited to 12 characters, the researchers said.
- Troubleshooting Common Issues in VoIP Learn more about Voice over Internet Protocol (VoIP), including common VoIP metrics used, best practices in VoIP management and tips and tricks for...
- 2013 Network Management Software (NMS) Buyers Guide This white paper contains an independent comparison study of six different network management solutions and provides guidance on how you can choose the...
- Rightsizing Your Network Performance Management Solution: 4 Case Studies This white paper discusses challenges encountered as organizations search for the most cost-effective network performance management solution.
- Global Growing Pains: Tapping into B2B Integration Services to Overcome Global Expansion Challenges A recent survey by IDG Research explored both the challenges and pain points companies face when growing globally, as well as the capabilities...
- E-Signature RFP Checklist Webcast If your organization is looking to adopt e-signatures, you may be overwhelmed by the number of providers that offer seemingly similar solutions. How...
- Cloud and Collaboration: Driving Your Business Value Mission Critical Cloud from Peer 1 Hosting is enterprise-grade. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!