Subscriber Discussion

Is This Another Camera Hacking Attack?

Armando Perez
Nov 29, 2016
Hoosier Security and Security Owners Group • IPVMU Certified
(1)
Brian Karas
Nov 29, 2016
IPVM

From the comments and looking at the source on GitHub, it looks like someone took firmware for some consumer cameras, decompiled/analyzed it running in an emulator (QEMU), and found a vulnerability.

The potential hack has not been tested on any actual devices (yet). However, this is exploiting a flaw in the webserver that runs the camera, so you would not need uncommon ports like telnet open to take advantage of this; any camera set up for remote access could theoretically be exploited.

Thanks for the tip, we will keep an eye out to see if this evolves into a real-world threat.

(1)
Undisclosed #1
Nov 29, 2016
IPVMU Certified

The affected brands are:

UCam247
Phylink
Titathink
YCam
Anbash
Trivision
Netvision

(1)
John Honovich
Nov 29, 2016
IPVM

So who is the original manufacturer? Of those, I only know YCam.

Undisclosed #1
Nov 29, 2016
IPVMU Certified

Same here, only heard of YCam. Apparently the vulnerability lies within the popular and free embedded web server GoAhead.

So the cameras may or may not be related to a single manufacturer.

These cams and the GoAhead web server have been getting beat on for a while now; here's some hacker news.

Michael Budalich
Nov 29, 2016
Genetec

The link you shared is not working for me. Can you please provide an updated link?

Brian Karas
Nov 29, 2016
IPVM

Odd, it works for me.
