OCS banner and logo
Keeping clients' computers safe and profitable for over 30 years

Home Forms About Current Newsletter subscribe 
Search All Articles

Browse by Category

powered by pmc2m


18 Security cameras insecure

An Original Equipment Manufacturer (OEM) for at least 18 different security cameras open to many serious security flaws. The China-based company Foscam (there's something about that name), makes the guts for security cameras sold by 18 different companies. Sadly their firmware is filled with security flaws that allow outsiders to access the cameras and watch you or otherwise use and control them, including possible access to your network.

The firmware isn't getting fixed. Furthermore, the attackers can do a firmware "upgrade" to install their own software in your camera which could do anything.

Some of the many mistakes they made were:
  • A hard coded blank password that you cannot change, which allows file transfers!
  • Hidden undocumented features that allow the attacker to "add features"
  • Excessive permissions were given to scripts running when the devices start

What to do?

My best advice is to avoid all Internet of Things (IOT) devices unless absolutely essential. Wait a few more years until they figure out how to make them properly. If you must have the IOT device then put it on a separate network, or at least on a guest network. Change the default passwords. Check for security updates.

The first thing to do when looking to buy one of them is to determine how often they have provided security updates. If they aren't fixing their products security holes, then don't get the product. They can always make it cheaper by not fixing the security flaws.

Further Reading:

Date: July 2017

Creative Commons License
This article is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License.

  Please direct questions/suggestions about website to the webmaster