Subscriber Discussion

Hard-Coded Password/Backdoor In Foscam/Related Brands

Avatar
Brian Karas
Jun 08, 2017
IPVM

From an F-Secure Report on Foscam vulnerability discovery:

F-Secure has identified 18 different vulnerabilities in the Opticam i5. Many of these have also been found in the Foscam C2. Some of the vulnerabilities are very severe and easily exploited by an attacker.

F-Secure knows of at least 14 other brands that market Foscam-made devices:

  • Chacon
  • Thomson
  • 7links
  • Opticam
  • Netis
  • Turbox
  • Novodio
  • Ambientcam
  • Nexxt
  • Technaxx
  • Qcam
  • Ivue
  • Ebode
  • Sab

None of these are "security industry" brands that would be of high interest to IPVM readers, so we did not do a report on this specific set of vulnerabilities, but I wanted to post it here so that members are at least aware.

 

U
Undisclosed
Jun 08, 2017

Every time you evaluate a camera (are you listening, IPVM test lab elves and stealth-mode Camera vendor RSM's?) you should ask to confirm there are no back door passwords.  If the vendor can't answer that it's bad.  If they lie, it's bad.  If they tell you there is, it's bad.  This is (at least) 15 year old advice.

 

This is another near-miss, where "low end" cameras one "wouldn't" see in a professional installation are vulnerable.

 

Avatar
Ricardo Souza
Jun 08, 2017
Motorola Solutions • IPVMU Certified

There are a lot of Foscam cams Online =)

https://www.insecam.org/en/bytype/Foscam/

New discussion

Ask questions and get answers to your physical security questions from IPVM team members and fellow subscribers.

Newest discussions