Member Discussion

Hard-Coded Password/Backdoor In Foscam/Related Brands

From an F-Secure Report on Foscam vulnerability discovery:

F-Secure has identified 18 different vulnerabilities in the Opticam i5. Many of these have also been found in the Foscam C2. Some of the vulnerabilities are very severe and easily exploited by an attacker.

F-Secure knows of at least 14 other brands that market Foscam-made devices:

  • Chacon
  • Thomson
  • 7links
  • Opticam
  • Netis
  • Turbox
  • Novodio
  • Ambientcam
  • Nexxt
  • Technaxx
  • Qcam
  • Ivue
  • Ebode
  • Sab

None of these are "security industry" brands that would be of high interest to IPVM readers, so we did not do a report on this specific set of vulnerabilities, but I wanted to post it here so that members are at least aware.

 

Agree
Disagree
Informative
Unhelpful
Funny

Every time you evaluate a camera (are you listening, IPVM test lab elves and stealth-mode Camera vendor RSM's?) you should ask to confirm there are no back door passwords.  If the vendor can't answer that it's bad.  If they lie, it's bad.  If they tell you there is, it's bad.  This is (at least) 15 year old advice.

 

This is another near-miss, where "low end" cameras one "wouldn't" see in a professional installation are vulnerable.

 

Agree
Disagree
Informative
Unhelpful
Funny

There are a lot of Foscam cams Online =)

https://www.insecam.org/en/bytype/Foscam/

Agree
Disagree
Informative
Unhelpful
Funny