Skip to main content

Vulnerabilities in smart IP cameras expose users to privacy, security risks

(Image credit: Image Credit: Wright Studio / Shutterstock)

The global smart camera market is predicted to grow at a CAGR of 8 per cent over the period of 2018-2023, reaching an estimated $2 billion. While IP cameras are nothing new, smart cameras pack new features that make them more appealing to users.

With features from face recognition to various image sensors and connectivity options, such as Bluetooth and Wi-Fi, smart cameras can detect human behaviour and even vehicle number plates, making them a perfect residential or commercial surveillance or tool.

Experts forecast than 45 billion cameras will dot the world by 2022, and a large percentage of them will be smart cameras. For years, security researchers have found a plethora of vulnerabilities in smart cameras, warning consumers and manufacturers of the dangers that attackers could control them remotely and spy on owners, affect the overall security of home networks, or even impact the global internet infrastructure.

Ever since Mirai, one of the largest IoT botnets, comprised of an estimated 600,000 vulnerable cameras and devices remotely controlled by threat actors to perform a massive denial of service on critical internet infrastructure services, cybercriminals have started focusing on amassing large botnets of smart internet connected devices.

For instance, IoT botnets such as Hide and Seek have steadily been updated with new vulnerability-exploiting capabilities, amassing smart cameras, IPTV cameras, and DVRs, but also Android devices with unpatched vulnerabilities. The larger the botnet, the more damage it can do to infrastructures through denial of service attacks.

Bitdefender researchers recently analysed a series of four smart cameras, only to find that all of them have several vulnerabilities that criminals could remotely exploit to tamper with, control, or fully compromise them.

One camera analysed was the Keekoon KK005. After analysing the firmware’s images on the vendor’s website, our researchers concluded that all the vendor’s cameras are affected, more or less, by several vulnerabilities. From LAN (Local Area Network) backdoors, authentication bypass, and multiple stack overflows, all the way to command injection and hidden command execution forms.

Another camera, the Tenvis TH661 Home Camera, was found susceptible to a series of authentication bypass vulnerabilities, enabling attackers to remotely gain control of devices, decommission them, or even use them as espionage tools. This means that, the more sensors and features a camera has, such as infrared, motion detection, microphones, or the ability to store recoded streams onto an external source, the more options it gives attackers in terms of espionage and surveillance.

The Reolink C1 Pro Camera has also been found harbouring a wide range of firmware vulnerabilities that could allow threat actors to remotely tap into them. While these are for both indoor and outdoor use, the vulnerabilities found would allow attackers to not only get the users’ email credentials if email alerts are set, but also collect Wi-Fi credentials, inject commands, and even bypass the entire authentication process and directly interact with the device. This model has several vulnerabilities that attackers can exploit easily, so they could use is as a gateway into a user’s home network – as the camera is normally connected to the same Wi-Fi network as all other devices – and from there expand their foothold and collect additional sensitive information.

The final smart camera analysed, the Geenker HD IP Camera, is a night vision-powered surveillance device that also has two-way audio capabilities, making it an attractive option for home users who want to beef up their home surveillance capabilities. However, our researchers have found it harbours a system backdoor, hardcoded credentials over Telnet, and a number of buffer overflow vulnerabilities that allow threat actors to remotely execute commands. An authentication bypass vulnerability also lets attackers alter camera settings simply by accessing any page other than the root page.

Exploitation of the vulnerabilities found could enable attackers to remotely control a relatively large number of smart cameras, which they can later use either to move laterally across networks and extract sensitive information from other devices on the network, extort victims by capturing sensitive and private images from their own homes, or even instruct them to perform massive denial of service attacks and ask for ransom to stop the assaults.

Smart camera security starts with the right mindset

While you may not look at smart cameras as a security threat, the fact they’re internet connected and can be remotely managed via an application makes them viable targets for threat actors. While few manufacturers seem interested in pushing security updates once known vulnerabilities have been patched, it’s important to find out which vendors have a clear and timely patching and updating policy.

Equally important is to change default usernames and passwords when setting up these new devices, as attackers will often perform bruteforce attacks – a process through which they automatically try out known usernames and password combinations – to remotely connect and seize control over them.

While these devices might not work with traditional security solutions -- the way your laptops, smartphones or tablets are protected -- there are home network security solutions that come with advanced exploit protection and vulnerability assessment technologies that can keep an eye on network-connected IoTs and smart cameras. They can prevent attackers from dialling in, and they can notify users when new security updates are available, and even when devices start behaving strangely.

The implications of vulnerabilities in smart cameras are not be ignored, as you can risk much more than just having it bricked or used as a gateway to attack other devices in your home network. It can also be used as a means for spying on you and your family in the comfort of your own home.

Liviu Arsene, Global Cybersecurity Researcher, Bitdefender (opens in new tab)
Image Credit: Wright Studio / Shutterstock

Liviu Arsene is a Senior E-threat Analyst for Bitdefender with a strong background in security. Reporting on global trends and developments in computer security, Liviu’s focus is on malware outbreaks and security incidents while coordinating with technical and research departments.