Security Vulnerability: Camera Reboot Process Visible

We have a significant deployment of cameras from a specific manufacturer, I am not going to blast them... but maybe I should, who allows their cameras to be rebooted in clear text with a web browser without authentication. I approached them to see if they could "fix" the problem, gave them enough time to address and I still have not heard from them yet. Their only solution was to segment my cameras so no one could get to them. That is fine but the risk still exists and they HAVE NOT disclosed this issue to anyone. When I spoke to them, they indicated "they new about it". I was able to keep a camera down by refreshing my clear text... funny how they did not see this as a vulnerability. I asked if they published the problem or communicated the issue to their integrators/partners... no. The cameras also fail when a vulnerability scan is conducted, the image fails, it becomes multi colored and distorted. Their solution to this was to not scan them. The only issue I have with this is I have cameras which do not fail upon scanning and I would rather maintain my relationship with my InfoSec team than get on their bad side. The funny thing is they currently advertise cyber security is important and is found in every camera.

I searched IPVM and did not see any discussion or articles about this issue with this manufacturer. I searched the internet and again could not see any discussions. I have given this manufacturer over 4 months to address this. Questions:

  • Is there a list of cameras with this issue?
  • Do you agree cameras, or any IoT, should be able to reside on a network and behave securely without depending on firewalls, ACLs, etc.
  • At what point do I "alarm" everyone of the issue? How much time is enough time?

first post - thanks

Login to read this IPVM discussion.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

*****, *** #*, *******.

**** ****/*****/***** ** ******* *** *****? ******* **** ******* *** get *** ****** *********** ** ********** **** *****.

****, *** '************* ****' **** ****** **** ** **** - what ** **? ** *** **** **** *****/********* *** ***** scanned?

**’* * ***** ************* **** **** ******.

*** ***** **** **** ***** *** *****:

**, **, **, **, **-**, **, **, **, **, **, 69-70, **-**, **, **, ***-***, ***, ***-***, ***, ***, ***, 143, ***, ***-***, ***, ***, ***, ***, ***, ***, ***-***, 512-515, ***-***, ***, ***, ***, ***, ***, ***, ***, ***-***, 873, ***-***, ***, ***-***, ***, ****, ****, ****, ****, ****, 1433, ****, ****, ****, ****, ****, ****, ****, ****-****, ****, 2049, ****, ****, ****, ****, ****, ****, ****-****, ****, ****, 3389, ****, ****-****, ****-****, ****, ****, ****-****, ****-****, ****, ****-****, 5900-5901, ****, ****, ****, ****, ****-****, ****, ****, ****, ****, 7777-7778, ****-****, ****, ****-****, ****, ****, ****, ****, *****, *****-*****, 20034, *****, *****, *****-*****

******, ****'* * ******* *************.

**** ******** *** *********** *** ********* *****. **** ** *** the **** ** ******** *** ****** ****** **** * ********-******** device, *** ** ********** * *********** **** ** **** ************.

***** *** ******* ************ ****** *** *********** **********. *** *******,**** *** **** *** **************:

  • *** ******** ********** *** ***** *** ************* ** ************** ****** it ** *** ******** *******.
  • *** ******** ********** *** ******* **** ** **** ***** ** establish ** ****** **** ****** ** **** *** *** ************* to ** *******.
  • **** *** ****** **** **** ****** ******* *** *** ************* is ******* ** *** ***** ** ********* *** ************ ** the ***** ** *** ********, *** ******** ********** *** ******** disclose *** *************.

**** **** *** *** **********, *** ******* ******** ** *** working **** *** ** **** *, *** *** **** ** have ******** ************ **** **** ** ****. ** **** ********, you ***** ********* ** ********** ** *** ***** ** ****** to **** **********, *** ******* *** ************* ********. **** ***** warn ****** ** *** *****, *** *********** **** ******** *** company ** ******* **.

** ******* ** **** **********, *** ** *** **** ** publish ***** ** ********* **, ****** ******* **** *** ****** here, **** ** ** * ***** ***** *** *** ** reproduced ********, ***. ***** ***** *** ** ****** ****** ******* giving *** * ****** ** **** ** **** (*** ******* increase ***** *** ****).

*****, **** **** ** ****** ** *** ****** ****** ******* is *******? *** *** *** ****** ** ** **** *********?

*********** #*, *** **** **** ********* *** ******** ** **** network? *** ***** ** **** ** *** ** **** *******? You **** ********* ** ****** ****. * ****** ***** *** be ***** **** **** * ****** *******, ************, ** * risk.

* ******* *** ** ******* ***** ** *** ******* **** the *** ******** *****. *** ******** * ********/******** ** ****** while *** ***** **** *** (*** **** ****).

**** --**** {********}:{********} ****://{*********}/...=******

**.

**** -- ****://{*********}/...=******

**** ***** **** *** ****** **** ****** *** ** **** an *************** **** ****** ***** *********** ** *** **** *****. Just ******** * ***** ** **** ******* ******* ***** *** crash *** ****** ** **** *** ****** *********.

***** **** *********** ** *** ***** ******** *****-******* *** ********* under **** (***** * ************* ****), *'* ***** ** ***** it's *******?

**'* *** ***** **** *** ****, *** * ******* *** issue ** **** *** *** ****** *** ****** *** *** network ******* **************. ****, **'* *** **** **** *** ****** dies ***** *** ****** ** * ************* ****. ***** *** a *** ** ********** ******* ******** **** ****** * ************* test, *** ** ******** * *** ** ********* ** ***-********* network *******, *** *** **** ** **** **** **** * DDOS ****** *** ****** *** ** ******** ** ******* *** device.

****: ***** ** * ******** ** **

*** ******* **** **** **** * ************* **** ** *********...

*** * *** ***** ****** ** **;)