Amazon’s highly acclaimed Security System Guardzilla has recently been in news for all the wrong reasons. The E-Commerce giant’s proprietary product Guardzilla, an indoor smart security camera’s recordings have been discovered to be affected by a hardcoded credential vulnerability. According to reports, these can be accessed by third parties.
The security camera uploads the recorded videos onto Amazon’s cloud storage system. Although you may assume this remains accessible only to the concerned users, that’s not the case.
Guardzilla is an indoor vigilance camera based IoT device. Hardcoding seems to be the root cause for this vulnerability. Such archaic practices make it convenient for a hacker to break into the systems using a hardcoded password, the vulnerability has been given CVE-2018-5560. and has been rated with an 8.6 CVSS score.
Amazon fails to Respond
According to reports, Researcher Tod Beardsley claims to have attempted to get in touch with the E-Commerce giant about this issue. Unfortunately, Amazon did not address the concerns put forth by Rapid7’s research director.
Since Amazon has not taken any measures to fix the issue, the only immediate solution for Guardzilla users is to refrain from storing their videos on Amazon’s cloud storage. To do this, you need to disable that particular option.
IoT concerns have become quite common, despite Government Agencies constantly working towards ensuring cyber security in this zone. By 2020, the IoT regulations in California will begin to restrict the circulation of IoT devices that fail to provide adequate data security and protect the privacy of its users. That leaves manufacturers with no choice except to either improve their product or to withdraw it from the market.