Saturday, January 21, 2017

Security hole in Samsung-webcams – hackers can take over the control – IDG.see

The popular camera, according to IDG News contain vulnerabilities that allow hackers can gain root access and completely control the camera from the outside. The error was discovered by a hackarkollektiv that goes under the name of Exploiteers and knocks out parts of the settings that have been made already by the manufacturer. The hackers can via a script to send the custom code to the camera, despite the fact that the manufacturer has closed of the web-based local management interface.

also Read: the Holidays in gisslanbranschen – fewer attacks in december

the Camera Smartcam included in a series of cloud-based security cameras, originally developed by Samsung Techwin. The division was sold to another south Korean group of companies and called in the day Hanwha Techwin. Error in the management interface have been reported previously for several models in the series. Based on this, the company has now chosen to completely disconnect the administration panel. The only possibility to get access to the camera is now via a smartphone app and cloud service My Smartcam.

also Read: Check out the, Samsung – here is the battery with built-in fire extinguisher

Hackarkollektivets analysis of the camera, with the model name of the SNH-1011, has shown that even if it failed to interact with the camera via webbsnittet so running still php-script for a video surveillance system called the Iwatch. Such a script allows the user to update the Iwatch by uploading a file. But it also has a vulnerability that comes from an improper cleanup of the file name. The error can thus be exploited to run commands which in turn are executed by the web server. The error has been found specifically in the current model, but The Exploiteers believe that the vulnerability can be in more models.

LikeTweet

No comments:

Post a Comment