Menu
Study of another IP camera reveals serious problems

Study of another IP camera reveals serious problems

Patches have been released now

An in-depth analysis of yet another Internet-connected security camera has revealed a host of software problems.

Alex Farrant and Neil Biggs, both of the research team for Context Information Security in the U.K, analyzed Motorola's Focus 73, an outdoor security camera. Images and video taken by the camera can be delivered to a mobile phone app.

They found they could take control of the camera remotely and control its movement, redirect the video feed and figure out the password for the wireless network the device is connected to.

One attack exploits a cross-site request forgery problem. It was possible to scan for camera connected to the Internet and then get a reverse root shell.

By tampering with DNS settings, they could intercept the alerts that the camera sends to its owner. The attack code that could enable that tampering could be planted on a Web page, they wrote in a blog post.

"If someone were to view a web page containing the snippet of script, it could compromise and subvert every vulnerable camera on their network automatically," they wrote. "Surveillance indeed."

The DNS trick meant they can also see FLV video clips that would normally be sent to a cloud storage service used by the device.

The Motorola Focus 73, which is actually manufactured by Binatone, also had a problem when connecting to a home Wi-Fi network.

When a person's home network is selected from a list, "you must enter your private Wi-Fi security key, which is then broadcasted unencrypted over the open network," they wrote.

Then there's a firmware issue. The firmware was written by a company called CVision. It appears to be generic code that was used in other kinds of IP cameras, "presumably to reduce development and support costs," they wrote.

The firmware is not encrypted or digitally signed. The research team added a backdoor to its code, which they could then upload to the camera.

"Firmware should be signed and encrypted as a minimum to stop bad firmware uploads or tampering," they wrote. "Failure to do this not only carries security risks but also business risks."

Context notified Motorola Monitors of the issues in early October. Since then, Motorola and partners that have built software for the device -- including Bintone, Hubble Connected, Nuvoton and CVision -- have worked on patches.

Firmware updates were released a month later, and more fixes "are currently being rolled out to customers' cameras via an automated update process," they wrote.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Featured

Slideshows

The making of an MSSP: a blueprint for growth in NZ

The making of an MSSP: a blueprint for growth in NZ

Partners are actively building out security practices and services to match, yet remain challenged by a lack of guidance in the market. This exclusive Reseller News Roundtable - in association with Sophos - assessed the making of an MSSP, outlining the blueprint for growth and how partners can differentiate in New Zealand.

The making of an MSSP: a blueprint for growth in NZ
Reseller News Platinum Club celebrates leading partners in 2018

Reseller News Platinum Club celebrates leading partners in 2018

The leading players of the New Zealand channel came together to celebrate a year of achievement at the inaugural Reseller News Platinum Club lunch in Auckland. Following the Reseller News Innovation Awards, Platinum Club provides a platform to showcase the top performing partners and start-ups of the past 12 months, with more than ​​50 organisations in the spotlight.​​​

Reseller News Platinum Club celebrates leading partners in 2018
Meet the top performing HP partners in NZ

Meet the top performing HP partners in NZ

HP has honoured its leading partners in New Zealand during 2018, following 12 months of growth through the local channel. Unveiled during the fourth running of the ceremony in Auckland, the awards recognise and celebrate excellence, growth, consistency and engagement of standout Kiwi partners.

Meet the top performing HP partners in NZ
Show Comments