Study of another IP camera reveals serious problems

Patches have been released now

An in-depth analysis of yet another Internet-connected security camera has revealed a host of software problems.

Alex Farrant and Neil Biggs, both of the research team for Context Information Security in the U.K., analyzed Motorola's Focus 73, an outdoor security camera. Images and video taken by the camera can be delivered to a mobile phone app.

They found they could take control of the camera remotely and control its movement, redirect the video feed and figure out the password for the wireless network the device is connected to.

One attack exploits a cross-site request forgery problem. It was possible to scan for cameras connected to the Internet and then get a reverse root shell.

By tampering with DNS settings, they could intercept the alerts that the camera sends to its owner. The attack code that could enable that tampering could be planted on a Web page, they wrote in a blog post.

"If someone were to view a web page containing the snippet of script, it could compromise and subvert every vulnerable camera on their network automatically," they wrote. "Surveillance indeed."

The DNS trick meant they could also see FLV video clips that would normally be sent to a cloud storage service used by the device.

The Motorola Focus 73, which is actually manufactured by Binatone, also had a problem when connecting to a home Wi-Fi network.

When a person's home network is selected from a list, "you must enter your private Wi-Fi security key, which is then broadcasted unencrypted over the open network," they wrote.

Then there's a firmware issue. The firmware was written by a company called CVision. It appears to be generic code that was used in other kinds of IP cameras, "presumably to reduce development and support costs," they wrote.

The firmware is not encrypted or digitally signed. The research team added a backdoor to its code, which they could then upload to the camera.

"Firmware should be signed and encrypted as a minimum to stop bad firmware uploads or tampering," they wrote. "Failure to do this not only carries security risks but also business risks."

Context notified Motorola Monitors of the issues in early October. Since then, Motorola and partners that have built software for the device -- including Binatone, Hubble Connected, Nuvoton and CVision -- have worked on patches.

Firmware updates were released a month later, and more fixes "are currently being rolled out to customers' cameras via an automated update process," they wrote.
