Popular IP Cameras vulnerable to remote attacks


Bitdefender security researchers have discovered many buffer overflow bugs affecting the web server service and the Real Time Streaming Protocol (RTSP) server of iDoorbell and Neo Coolcam NIP-22 cameras. Under certain conditions, these vulnerabilities could enable remote code execution on the device. The same type of vulnerability is also present on the gateway that controls the sensors and alarms.

According to Bitdefender:
“Several buffer overflow vulnerabilities (some before authentication) are present in the two cameras studied, the iDoorbell model and NIP-22 model, but we suspect that all cameras sold by the company use the same software and are thus vulnerable.”

Both tested cameras use UPnP to open ports on the router, which makes them accessible from the outside world. Bitdefender researchers used the Shodan search engine to find all cameras discoverable from the Internet. They found between 100,000 and 140,000 devices when searching for the HTTP web server, and a similar number when searching for the RTSP server.

Based on the Shodan results, Bitdefender believes that about 175,000 unique devices may be vulnerable to attack. Attackers can exploit the vulnerabilities to execute arbitrary code and take control of the vulnerable devices.

“The Internet of connected things has changed the way we interact with our homes, offices or even with our own bodies. But although connected devices are sold mostly everywhere, some manufacturers don’t dwell on the security aspects, but rather focus on features and time to market.”


Unallocated Author

Please note that the article you are reading has an unallocated author as the original author is no longer employed at latesthackingnews.com, this has been put in place to adhere with general data protection regulations (GDPR). If you have any further queries, please contact: [email protected]
