18 Security cameras insecure

An Original Equipment Manufacturer (OEM) for at least 18 different security cameras open to many serious security flaws. The China-based company Foscam (there's something about that name), makes the guts for security cameras sold by 18 different companies. Sadly their firmware is filled with security flaws that allow outsiders to access the cameras and watch you or otherwise use and control them, including possible access to your network.

The firmware isn't getting fixed. Furthermore, the attackers can do a firmware "upgrade" to install their own software in your camera which could do anything.

Some of the many mistakes they made were:

A hard coded blank password that you cannot change, which allows file transfers!
Hidden undocumented features that allow the attacker to "add features"
Excessive permissions were given to scripts running when the devices start

What to do?

My best advice is to avoid all Internet of Things (IOT) devices unless absolutely essential. Wait a few more years until they figure out how to make them properly. If you must have the IOT device then put it on a separate network, or at least on a guest network. Change the default passwords. Check for security updates.

The first thing to do when looking to buy one of them is to determine how often they have provided security updates. If they aren't fixing their products security holes, then don't get the product. They can always make it cheaper by not fixing the security flaws.

Keeping clients' computers safe and profitable for over 30 years

Home Forms About Current Newsletter subscribe Search All Articles Browse by Category Security Internet Mobile Business Hardware Fun		18 Security cameras insecure An Original Equipment Manufacturer (OEM) for at least 18 different security cameras open to many serious security flaws. The China-based company Foscam (there's something about that name), makes the guts for security cameras sold by 18 different companies. Sadly their firmware is filled with security flaws that allow outsiders to access the cameras and watch you or otherwise use and control them, including possible access to your network. The firmware isn't getting fixed. Furthermore, the attackers can do a firmware "upgrade" to install their own software in your camera which could do anything. Some of the many mistakes they made were: A hard coded blank password that you cannot change, which allows file transfers! Hidden undocumented features that allow the attacker to "add features" Excessive permissions were given to scripts running when the devices start What to do? My best advice is to avoid all Internet of Things (IOT) devices unless absolutely essential. Wait a few more years until they figure out how to make them properly. If you must have the IOT device then put it on a separate network, or at least on a guest network. Change the default passwords. Check for security updates. The first thing to do when looking to buy one of them is to determine how often they have provided security updates. If they aren't fixing their products security holes, then don't get the product. They can always make it cheaper by not fixing the security flaws. Further Reading: ArsTechnica article with list of vulnerable products Original 12 page F-Secure PDF Report Date: July 2017 This article is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License.
		I attempt to provide reliable information, but make no warranty as to the accuracy or safety of these articles. I disclaim all legal responsibility for what following these instructions may do. Follow my advice at your own risk

Keeping clients' computers safe and profitable for over 30 years

18 Security cameras insecure

What to do?

Further Reading: