7 New Vulnerabilities Discovered In P2P WiFi Cameras

From slashdot post:

What started as an analysis of a simple security flaw in a random wireless IP camera turned into seven vulnerabilities that affect over 1,250 camera models and expose nearly 200,000 cameras to hacking.

The flaws affect a generically named product called Wireless IP Camera (P2P) WIFICAM, manufactured by a (currently unnamed) Chinese company, who sells it as a white-label product to several other camera vendors.

Security researcher Pierre Kim says the firmware produced by this Chinese vendor comes with several flaws, which have all made their way down the line into the products of other companies that bought the white-label (unbranded) camera. In total, nearly 1,250 camera models based on the original camera are affected.

At the heart of many of these issues is the GoAhead web server, which allows camera owners to manage their device via a web-based dashboard.

According to Kim, the cameras are affected by a total of seven security flaws. Yesterday, Kim said that around 185,000 vulnerable cameras could be easily identified via Shodan. Today, the same query yields 198,500 vulnerable cameras.

Proof-of-concept exploit code for each of the seven flaws is available on Kim's blog, along with a list of all the 1,250+ vulnerable camera models.


** Posted from mobile device and title and link to second article did not come through correctly.

Moderators, I can't seem to edit my post. Could you please alter title to include "cameras".

Also, please add link to Slashdot article where text was pulled from:

https://it.slashdot.org/story/17/03/09/2212227/nearly-200000-wi-fi-cameras-are-open-to-hacking

I was reading about that earlier. These look to have been mainly sold in China (though shodan does show a few thousand with US IPs), and the vulnerability is not in GoAhead specifically, but in how the GoAhead web server was setup/configured in the cameras (that does not make them any less vulnerable, just making it clear).

Cisco Security just tweeted this out.

Seems like the Chinese are under a heavy siege. I wonder how will they respond.

They will respond by lowering prices lol