Amazon’s Guardzilla Found to Have a Critical Vulnerability

  • 186
  •  
  •  
  • 1
  •  
  •  
  •  
    187
    Shares

Amazon’s highly acclaimed Security System Guardzilla has recently been in news for all the wrong reasons.  The E-Commerce giant’s proprietary product Guardzilla, an indoor smart security camera’s recordings have been discovered to be affected by a hardcoded credential vulnerability. According to reports, these can be accessed by third parties.

The security camera uploads the recorded videos onto Amazon’s cloud storage system. Although you may assume this remains accessible only to the concerned users, that’s not the case.

The Concerns

Guardzilla is an indoor vigilance camera based IoT device. Hardcoding seems to be the root cause for this vulnerability. Such archaic practices make it convenient for a hacker to break into the systems using a hardcoded password, the vulnerability has been given CVE-2018-5560. and has been rated with an 8.6 CVSS score.

Amazon fails to Respond

According to reports, Researcher Tod Beardsley claims to have attempted to get in touch with the E-Commerce giant about this issue.  Unfortunately, Amazon did not address the concerns put forth by Rapid7’s research director.

The Solution

Since Amazon has not taken any measures to fix the issue, the only immediate solution for Guardzilla users is to refrain from storing their videos on Amazon’s cloud storage. To do this, you need to disable that particular option.

IoT concerns have become quite common, despite Government Agencies constantly working towards ensuring cyber security in this zone.  By 2020, the IoT regulations in California will begin to restrict the circulation of IoT devices that fail to provide adequate data security and protect the privacy of its users. That leaves manufacturers with no choice except to either improve their product or to withdraw it from the market.

The following two tabs change content below.
Avatar

Unallocated Author

Please note that the article you are reading has an unallocated author as the original author is no longer employed at latesthackingnews.com, this has been put in place to adhere with general data protection regulations (GDPR). If you have any further queries, please contact: [email protected]
Avatar

Unallocated Author

Please note that the article you are reading has an unallocated author as the original author is no longer employed at latesthackingnews.com, this has been put in place to adhere with general data protection regulations (GDPR). If you have any further queries, please contact: [email protected]

Do NOT follow this link or you will be banned from the site!