Hanwha / Kaspersky Vulnerability Dispute Examined
Read the full report here
Btw, a note on why we are 'late' reporting (not to the security trade press, which rarely covers such things but to mainstream IT). As noted in the report, we went back forth between both parties and that took time to get answers, check on things, etc.
Two other things that did not make the post but worth commenting on. Kaspersky included this infographic in their press release:
And report from Sputnik News: Kaspersky Lab Researchers Discover Sinister Flaw in Popular Smart Cameras
But the difficulty becomes what responsibility the researcher has in terms of accurately and fairly disclosing vulnerabilities as well as providing proof of those vulnerabilities.
I believe it is important to prove the claims, so it can be reproduced and verified by other researchers.
When reading;
Kaspersky: Unfortunately we cannot disclose any technical details of the critical vulnerabilities because we are still not sure if all the smart cam owners have installed security updates.
It becomes in my eyes clear that will never happen, because how to verify that "all the smart cam owners have installed security updates."
Ask questions and get answers to your physical security questions from IPVM team members and fellow subscribers.