Multiple Vulnerabilities In Axis Cameras Allow Hackers To Take Control

IoT devices have always been exposed to cyber attacks owing to their reliance on the internet. While people focus more on smart TVs and other IoT-based devices, a few researchers have discovered vulnerabilities in IoT cameras. These vulnerabilities in Axis cameras would allow hackers to take complete control of the devices. However, the maker has released fixes for each flaw.

Hundreds Of Axis Cameras Vulnerable To Hacking

While looking into IoT devices, researchers from VDOO discovered critical vulnerabilities in Axis cameras. They have already shared the details with the vendors to let them fix the bugs.

“For the past several months, VDOO’s security research teams have been undertaking broad-scale security research of leading IoT products, from the fields of safety and security,”

states a blog post by VDOO.

In the case of Axis, the researchers discovered seven different vulnerabilities that allow hackers to take complete control of the cameras. They have given separate PoCs for each of these flaws.

“Our team discovered a critical chain of vulnerabilities in Axis security cameras. The vulnerabilities allow an adversary that obtained the camera’s IP address to remotely take over the cameras (via LAN or internet).”

Here is the list of the seven vulnerabilities reported by the researchers.

  • CVE-2018-10658
  • CVE-2018-10659
  • CVE-2018-10660
  • CVE-2018-10661
  • CVE-2018-10662
  • CVE-2018-10663
  • CVE-2018-10664

Together, the three vulnerabilities CVE-2018-10661, CVE-2018-10662, and CVE-2018-10660 (when exploited in that order) can help trigger an attack. The rest of the bugs give hackers other capabilities. These include access to the video stream, the ability to freeze streaming, control of the camera lens' motion, altering the camera's software, adding it to a botnet, exploiting it for other malicious activities (including crypto mining, DDoS attacks, etc.), or simply making it entirely useless. (Thus leaving you at risk of burglars too!)

The researchers have listed out all 390 faulty models of Axis cameras along with the patch released to fix the vulnerability.

Patches Released For The Vulnerabilities

Fortunately, Axis Communications has released fixes for all these flaws in time. According to the researchers, none of these vulnerabilities has been exploited yet. Users should therefore upgrade their device firmware to the latest version at the earliest opportunity.

“To the best of our knowledge, these vulnerabilities were not exploited in the field, and therefore, did not lead to any concrete privacy violation or security threat to Axis’s customers. We strongly recommend Axis customers who did not update their camera’s firmware to do so immediately or mitigate the risks in alternative ways.”

VDOO has carried out broad-scale research on various IoT products from different vendors. Earlier, it published the first report of this trial, in which it disclosed the vulnerabilities of Foscam. The researchers state that they will continue to put these reports online as the disclosure periods end. Nonetheless, they have already informed all the vendors about the flaws. They are not the first to report such issues, though. Last year, researchers from Bitdefender pointed out some critical bugs in IP cameras that made them vulnerable to hacking.
