Authentication bypass bug exposes Foscam webcams to unauthorized access
Remote users can access the video stream without a username and password
IDG News Service - The software used by many wireless IP cameras manufactured by Foscam Digital Technologies has a vulnerability that allows remote users to access their video streams and take snapshots without proper authentication.
The issue was reported on the Foscam technical support forum this week by the owner of a Foscam FI8905W Wireless IP Camera that's built for outdoor environments.
"I discovered fairly early in my testing, that the user could just press OK in the dialogue window without filling in a user or password and they would be taken to the image," a user with the nickname SENWiEco said Monday. The camera was running the latest firmware version at the time -- 188.8.131.52, he said.
A regular forum user and software developer named Don Kennedy who uses the nickname TheUberOverLord subsequently investigated the issue and concluded that other indoor and outdoor camera models from Foscam's MJPEG series have the same issue. Kennedy tracked down the problem to the software's user management system.
Foscam MJPEG cameras support as many as eight separate user accounts with different privileges: Administrator, Operator and Visitor. The user administration interface has eight user ID fields, but only one of them is configured by default with user name "admin" and privilege Administrator. The rest are blanked out and have the Visitor privilege assigned by default.
According to Kennedy, if any of the eight user slots is left empty -- with no username and password configured -- it's possible to access the camera by simply hitting OK on the authentication prompt. This will give the remote user Visitor privileges and allow them to access video streams with or without audio, take snapshots and execute any CGI commands available to the Visitor access level.
A workaround is to manually configure user names and passwords for all eight user ID fields, Kennedy said. However, this has the downside of exposing the camera to denial-of-service attacks.
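A model of the user-slot lookup and the workaround described above, added here as an example and not taken from Foscam's firmware (the table layout, the `UserSlot` type and the admin password placeholder are assumptions):

```python
# Added example, not Foscam's code: models the eight-slot user table the
# article describes, the lookup that lets an empty submission (pressing OK)
# match a blank slot, a hardened lookup, and an audit for the workaround.
from dataclasses import dataclass

VISITOR, OPERATOR, ADMINISTRATOR = "Visitor", "Operator", "Administrator"


@dataclass
class UserSlot:
    username: str = ""
    password: str = ""
    privilege: str = VISITOR  # blank slots default to Visitor, per the article


def default_user_table():
    """Factory default as described: slot 1 is 'admin'/Administrator, the
    other seven are blank Visitor slots. The admin password is a constructed
    placeholder; the article does not state it."""
    return [UserSlot("admin", "ADMIN-PASSWORD-PLACEHOLDER", ADMINISTRATOR)] + [
        UserSlot() for _ in range(7)
    ]


def authenticate_vulnerable(table, username, password):
    """Vulnerable lookup: the submitted pair is compared against every slot,
    so an empty username/password matches any blank slot and is granted
    that slot's (Visitor) privilege."""
    for slot in table:
        if slot.username == username and slot.password == password:
            return slot.privilege
    return None


def authenticate_fixed(table, username, password):
    """Hardened lookup: empty credentials are rejected up front and blank
    slots are never considered, so an unconfigured slot cannot grant access."""
    if not username or not password:
        return None
    for slot in table:
        if not slot.username or not slot.password:
            continue
        if slot.username == username and slot.password == password:
            return slot.privilege
    return None


def audit_empty_slots(table):
    """Return the 1-based numbers of slots still unconfigured; the workaround
    in the article is to fill in all eight."""
    return [i for i, slot in enumerate(table, 1) if not slot.username]
```

Running the vulnerable lookup with empty credentials against the default table returns Visitor, while the hardened lookup returns nothing; the audit lists slots 2 through 8 as the ones to fill.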
According to Kennedy, there's a second bug that causes the camera to freeze after a certain number of failed attempts to access the camera without a user name and password. If this happens, the camera owner might need to restart the camera by powering it down and back up, he said.
This could be inconvenient, especially since many of these cameras are set up so they can be monitored remotely, so their owners might not immediately have physical access to them.
The issue appears to be restricted to system firmware version .54 for the MJPEG Indoor and Outdoor camera models, Kennedy said Monday on the forum. "The following MJPEG based camera models have a system firmware version of .54 currently released: FI8904W, FI8905E, FI8905W, FI8906W, FI8907W, FI8909W, FI8910E, FI8910W, FI8916W, FI8918W and FI8919W," he said at the time.