facebook twitter google rss

Samsung Security Cameras Hacked, Consumers At Risk

  • comments
  • print
  • email
By Paul Te staffreporter@latinoshealth.com
Jan 21, 2017 11:09 AM EST
Tags Samsung SmartCam, security camera, consumers, gadgets, security cameras, security, camera, hackers, vulnerabilties of the Samsung SmartCam devices

Samsung SmartCam security cameras has been in the market for a while but instead of quality service for its consumers. Samsung SmartCam security camera has the Achilles heel for hackers to gain access and take full control of it.  

Per article posted in PCWorld, the flaw was discovered by the researchers from the hacking collective the Exploitee.rs, who have found the vulnerabilities of the Samsung SmartCam devices in the past. The Exploitee.rs said that the faults allow the command injection through a web script, even though the vendor has disabled the local web-based management interface in these devices.

As a response to the vulnerability issue, the Samsung developer, Hanwha Techwin, decided to completely disable the local administration panel and only allow users to access the cameras through the accompanying smartphone application with its My SmartCam cloud service. However, even if accessing the web interface over local network was no longer possible, the Exploitee.rs researchers analyzed the Samsung SmartCam SNH-1011 and noticed that the web server is still running on the device and hosts some PHP scripts related to the video monitoring system called iWatch.

The researchers explained in a blog post that running the video monitoring system iWatch would still entails vulnerability to the SmartCam devices. "The iWatch Install.php vulnerability can be exploited by crafting a special filename which is then stored within a tar command passed to a php system() call. Because the web-server runs as a root, the filename is user supplied, and the input is used without sanitization, we can inject our own commands within to achieve root remote command execution", the researchers added.

Daily Mail also reported in their article that the Exploitee.rs alerted Samsung last August that they could hack the network of the security camera through the net. But, Samsung, instead of fixing the problem, resolve to alter the system and force the users to run their SmartCams through the SmartCloud site.

A security advocate of the Alien Vault, Javvad Malik, said that "this vulnerability highlights the difficulty in securing smart devices even for large manufacturers." Malik also added, "It shows that finding issues in devices is one thing, but fixing them is another issue. It's typically not so easy to push out updates of fixes to smart devices, and when they do get sent it doesn't always achieve the desired result."

Moreover, researchers believed that the vulnerability in SNH-1011 model, affects all the Samsung SmartCam series. The flaw can be exploited to turn on the disabled web management services. Re-enabling the web interface will allow the users to monitor the camera feed via local network again without using My SmartCam service. However, it can also rectivate some of the old vulnerabilities that the vendor mitigated by disabling the interface allowing easy access to hackers.

Join the Conversation
Latest News
Moissanite Co.
Moissanite Pendants: 10 Reasons Why Every Woman Should Have One
Photo by Marcus Aurelius
How to Navigate Getting to Rehab in a Wheelchair
Photo by National Cancer Institute on Unsplash
Is Treatment at a Mexico Cancer Center Right for You?
Photo by Jason Briscoe on Unsplash
5 Steps to a Healthier You in a New Location
Photo by Spencer Watson on Unsplash
Can A Foreigner Own A House In Tulum?
What is the Clinical Clerkship Phase of Medical School?
What is the Clinical Clerkship Phase of Medical School?
Copyright © 2024 Latinos Health. All rights reserved. Reproduction in whole or in part without permission is prohibited.
Real Time Analytics