IoT cameras have major security vulnerabilities, says Bitdefender

Madeleine Dean By: Madeleine Dean
2 minute read

Bitfedender recently detected major privacy vulnerabilities in IoT cameras that allow hackers to hijack and turn these devices into full-fledged spying tools.

The camera analyzed by Bitdefender is used for monitoring purposes by many families and small businesses. The device includes standard monitoring features, such as a motion and sound detection system, two-way audio, built-in microphone and speaker, and temperature and humidity sensors.

The security vulnerabilies can easily be exploited during the connection process. The IoT camera creates a hotspot during configuration via a wireless network. Once installed, the corresponding mobile application establishes a connection with the device’s hotspot and connects to it automatically. The app user then introduces the credentials and the setup process is complete.

The problem is that the hotspot is open and no password is required. Moreover, the data circulating between the mobile application, IoT camera and server is not encrypted. And to make things worse, Bitdefender also detected that the network credentials are sent in plain text from the mobile app to the camera.

When the mobile app connects remotely to the device, from outside the local network, it authenticates through a security mechanism known as a Basic Access Authentication. By today’s security standards, this is considered an insecure method of authentication, unless used in conjunction with an external secure system such as SSL. Usernames and passwords are passed over wire in an unencrypted format, encoded with a Base64 scheme in transit.

As a result, an attacker can impersonate the genuine device by registering a different device, with the same MAC address. The server will connect with the device that registered last, and so will the mobile app. In this manner, attackers can capture the webcam’s password.

Anyone can use the app, just as the user would. This means turning on audio, mic and speakers to communicate with children while parents aren’t around or having undisturbed access to real-time footage from your kids’ bedroom. Clearly, this is an extremely invasive device, and its compromise leads to scary consequences.

In order to avoid privacy breaches, do a thorough research before buying an IoT device and read online reviews that may reveal privacy issues. Secondly, install a cybersecurity tool for IoTs, such as Bitdefender’s Box. These tools will scan the network and block phishing attacks and other threats.

RELATED STORIES YOU NEED TO CHECK OUT:

For various PC problems, we recommend this tool.

This software will repair common computer errors, protect you from file loss, malware, hardware failure and optimize your PC for maximum performance. Fix PC issues now in 3 easy steps:

  1. Download this PC Repair Tool rated "Excellent" on TrustPilot.com.
  2. Click “Start Scan” to find Windows issues that could be causing PC problems.
  3. Click “Repair All” to fix all issues with Patented Technologies (requires upgrade).

Discussions

Next up

Mozilla adds alerts about recently breached sites into Firefox browser

Giles Ensor avatar. By: Giles Ensor
3 minute read

Firefox has announced that it will start to warn users if they visit any breached sites. This is in an attempt to not only make […]

Continue Reading

More uncertainty for Microsoft’s Windows 10 October Update

Giles Ensor avatar. By: Giles Ensor
3 minute read

Oh dear. It’s been a pretty bad month for Microsoft concerning its Windows 10 October 1809 Update release. Microsoft eventually released the update a couple […]

Continue Reading

Confirmed: Microsoft now accepting ARM64 apps on its Store

Giles Ensor avatar. By: Giles Ensor
2 minute read

Yesterday, Microsoft released Visual Studio 15.9. With it came the announcement that “developers now have the officially supported SDK and tools for creating 64-bit ARM […]

Continue Reading