These two IP cameras are full of vulnerabilities

By on
These two IP cameras are full of vulnerabilities

Checkmarx researchers said a pair of IP-enabled security cameras have nearly two dozen flaws that would make them vulnerable to attack.

Loftek DSS-2200 and VStarcam C7837WIP, manufactured in China and aimed at the consumer market, also can be pressed into service as botnets to execute distributed denial of service (DDoS) attacks, according to report by Threatpost.

The vulnerabilities found are indicative of problems with IP-enabled cameras – including hardcoded credentials, no way to update firmware, and flagging HTTPS support, the report said, and were immediately apparent when researchers first conducted a scan.

By taking advantages of these bugs, “A malicious user can exploit your device to track your day-to-day, know when you're home or out, steal your email information, steal your wireless connection, gain control of other connected devices, use your camera as a bot, listen in to your conversations, record video, and more,” Checkmarx warns in its report, which is accessible via a corresponding blog post.

More than 1.3 million of the cameras have been sold, with 200,000 of those in the US and Australia alsoamong the countries identified.

This article originally appeared at scmagazineus.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

You must be a registered member of CRN to post a comment.
| Register

Poll

The most over-hyped technology trend of 2019 is...
Blockchain
AI
IoT
Everything-as-a-service
View poll archive

Log In

Username / Email:
Password:
  |  Forgot your password?