View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

New security vulnerabilities found in smart devices

Smart camera devices open to hackers after network vulnerabilities have been discovered.

By April Slattery

Kaspersky Lab security researchers have admitted to finding multiple security vulnerabilities across popular smart devices.

According to research from the company the uncovered flaws could allow attackers to obtain remote access to video and audio feeds from the smart cameras, which are used frequently for baby monitors or internal home and office security surveillance. The vulnerabilities enabled the devices to be remotely disabled and execute malicious code on devices.

The security researchers found that the devices had been vulnerable to the malware due to an insecurely designed cloud system, which was open to easy interference. The system was initially designed to allow users to remotely access video from their devices anywhere; instead it resulted in vulnerabilities and attacks on their devices.

Those devices that were affected by the vulnerabilities could cause chaos for users, allowing malicious users to carry out various types of attacks. ‘Hackers’ could access video or audio feeds from any camera connected to the vulnerable source as well as gaining access to the camera to use as a entry point for further attack and also steal personal information such as login credentials.

Whilst carrying out research into the vulnerabilities and devices hacked, Kaspersky Lab experts identified a total of 2,000 vulnerable cameras working online. However, these were cameras just with their own individual IP address directly available through the internet. Therefore, the actual number of vulnerable devices could be significantly higher.

“The problem with current IoT device security is that both customers and vendors mistakenly think that if you place the device inside your network, and separate it from the wider internet with the help of a router, you will solve most security problems – or at least significantly decrease the severity of existing issues,” said Vladimir Dashchenko, head of vulnerabilities research group, Kaspersky Lab ICS CERT.

“In many cases this is correct: before exploiting security issues in devices inside of a targeted network, one would need to gain access to the router. However, our research shows that this may not actually be the case at all: given that the cameras we investigated were only able to talk with the external world via a cloud service, which was totally vulnerable.”

Content from our partners
Green for go: Transforming trade in the UK
Manufacturers are switching to personalised customer experience amid fierce competition
How many ends in end-to-end service orchestration?
UK Gov’t review safety of self-driving technology
MWC explored smart cities of the future
Why the devices are simple for cyber security

Hanwha Techwin, the manufacturer of the affected cameras said that some vulnerability had been fixed, with the remaining ones set to be completely fixed soon.

“The security of our customers is the highest priority for us. We have already fixed the camera’s vulnerabilities and we have released updated firmware available to all our users. Our company actively collaborates with vendors and reports all discovered vulnerabilities. Some vulnerabilities related to the cloud have been recognised and will be fixed soon,” Hanwha Techwin said, in response to Kaspersky’s findings.

The discovery comes just days after the UK Government has called for more security features to be added to smart devices, to protect users.

Topics in this article : , , ,
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU