Cybersecurity Startup VDOO Disclosing 10 Manufacturer Vulnerabilities Starting With Axis And Foscam

Company ********

**** *** *********** ** Israel ** **** ** Uri ***** [**** ** longer *********], **** ****** [link ** ****** *********], and **** ***** [**** no ****** *********], *** all **** ****** *********** in ******* ********. ***** and ***** **-******* ******, an ******** ******** ****, which *********** ** **** **** Networks ** ****. ******* ***** ********* came **** ****** *** EMC, ** ****.

* ******* **** ** VDOO's ******* ** ****** clearly ** ***** *******:

**** **** ** ****** the ******** ********* (**) for ********* *******.

***********, **** ** ******** IP ****** *** ***** IoT ****** ************* (*** others) * ************ ******* (~$**,*** to ******* * ************'* products) ***** ********* ************* checks ** *** ******* and ********.

**** **** **** ** provide (****) * *********** that ******** *** ******* has **** ******* ** their ****** ** * non-vulnerable ******. **** **** to ********* * ******** process *** "****-********** **********", presumably ** ******* *************** they ******** ***** ********** a ******* ** ***-**********.

*******

**** ******** *********$** ******* ** ****************,**** ************ *******, *** ***** ********* investors.

**** ***** **** **** plan ** *** **** funding:

** ******* *** ************* VDOO’s *****-**-***-**** ******** ** Things (***) ******** ********, which ******** ** *********, end-to-end ******* **** ******** devices, ******** *** ***** security ************ *** ************** guidance ***** ** **** analysis, *** ******** ******** certification *** * **** range ** ********* *******.

Axis ************* *******

**** ********* ***** *************** to *** ****' ******** team (******: ** ** 6/27/2018, ******* **** **** added ** *** **********):

***-****-*****,***-****-*****,***-****-*****,***-****-*****,***-****-*****,***-****-*****,***-****-*****

***** *** ** * high **** ***** **** can ****** ** **** administrative ****** ** *** camera. *** ******* ******** to perform ** ****** ** complex, ********* ******** ***** and ******** *********, ****** simpler ****** *************** **** as*****'* ********* ************* ************ ************* *** ****** **** only ****** *******.

*******, **** **** *********** now ******, ** ** only * ****** ** time *** ********** *** bad ****** **** **** advanced ****** ** ****** scripts ***** ******** ***** attacks, ****** ***** *************** **** priority *** ***** ** patch.

Impact ** *************

*** *************** ******* * specific *********** ** ***** to **** *** **** advantage ** ****** ** view ** ****** *** camera ******, ***** *** camera's ******** (****** *********, lens ***********, ***** *******) or *** *** ****** as * ******** ** other ******* ** ****** the *******.

**** ****** ************* ******, which ****** **** ** gain ************ ****** ** the ******* ******** ***.

**** ***** ***** ************ by ******** ** **** logo ***** ******* ** a ********** ******:

***** ******* ***** ********, the ******* (** ******* - * ***** **** logo) ******* ** *** top **** ****** ** the ***** ******:

Foscam *************

** ******** ** *** Axis ***************, ******* ** June, **** **** ********** "***** ***************" ** Foscam *********** **** ********* ** Foscam's ******** ****. ********* these ***** ***************, ********* may ***** *** ******* the ******'* *** ******, inject ********, *** **** over *** ******.

Botnet ****

**** ****** ** ***** reports **** **** *** Axis *** ****** *************** may *********** ** **** to *** ******* ** a ****** *** **** for ****** **** *******, bitcoin ******, ** ***** purposes. ** ******** ** the ***** ******, ***** ******* may ***** ****** ********** to *** **** ******** targets ********* ************* *******.

VDOO *************** ** *************

** **** ***********, **** is ************ ******** *********** considerations:

• ****** ******* ********** **** parts: ** *** *** all ********* ** "****"
• ****** ***** ************: ****** external ******** *** ******** input *******
• ****** ******** *****: **** of ****** *********** ****** hackers ** ******* ******** for **** ** *******

Axis ********

**** ********** ******** ** Axis ********** **** ** ******** products *** ******* ********** ****** *** *************** in *****, ***** ******** 390 ********* **** ****** models.

More *********** ****** / ******** ******

**** *** **** *** months, **** **** ** disclosing **** *************** **** more *************, **** *** responsible ********** ******* ***.

**** ***** **** * positive ****** ** *** cybersecurity ** *** ***** surveillance ********, ***** *** been * ****** ********* focus *** **** *************. Cybersecurity ******** **** *** yet ****** *********** ******** financial ****** ** **** of *** ************* **** have ******** **** ******** vulnerabilities. ****, ***** *** pricing **** **** *** asking *** ************, *** type ** ******* **** are ******** *** *** they *** *********** *** market, **** *** **** a ********* **** ******* partners.

Addendum: **** ******** ** *********

***** ** ******** *** discussion ********* ** *** initial ******, ** ******* VDOO * **** ** questions *** **** *********. There *** * *** remaining ****** ** ******* that ** *** ***** in ********** **** **** for *************, *** ** will **** ***** ********* as **** ** ** receive ****.

****: ** ***** **** about *** ********** **** manufacturers *** **** **** not *** *********, ** have ***** **** *** details *****.

• *: **** ** *** process / ****** **** your ******** ******* *** a ************ ** ******* a *******? **** * manufacturer **** ***** ******* to ***?  
• *: "**** **************-**************** ** ******** ** the ******'* ******** ****, thus ** **** *** require *** ****** ** the ******** ****** ** to *** ****** ****. It **** ******** ** automated ******** ** ***** the ************ ** ******** implement ********-********* ******** ****** and ***** ******** ** design"

• *: *** *** ********** the ***** ****** ** hardware *** ********/******** ** just ********?
  
• *:*** ******** ******* ******* device-specific ******** ************, ******** to *** ******** ***** of *** ******, ***** its ******** *** ******** components *** *** ******** risk *******.

• *:*** *** ******* *************** in ** ****** ******** that **** **** ****** eliminated ** ***** **********, or *** **** ****** across **** *** *********? 
• *:** *******, ****** *** research **’** **** **** practices **** *** ******’* expect ** *** ** 2018. **’** **** **** in ********* ******* ** well ** ** **** “sensitive” *** ******** & systems ** *** ****** of Safety *** ********.
  

• *: ** **** ******* intent *** ***** *********** simply ** **** *********? 
• *: *** ******** ** to ** *** ** our *** *** ** commercialize ***** ******** ** a ******* “***********” ********* ******. We *** * ***** deal ** ******** ** (1) ****** ******** (**** of ******) - ** fix *** ****** ********, as **** ** (*) user ******** - ** make **** **** ******** the ********* ******, **** if ** ****** ** not **********; *** (*) general *********** ** *** specific ****** ** **** as “lessons *******” ** ***** vendors ** ****** ********* security *** *** ******** architecture *** ****** *****.

• *: *** ***** ***** specific ********** *** *** targeting ********/******* *************** ***** now?
• *:** **** ******** ********* Project *******, * ******* which ******** *** *************** of ********* ******* **** the ****** *** ******** fields *** ************ **** the ************ ******* ********. VDOO ***** ***** **** of ******** ***** **** have ****** ****** ** business ********** *****, ****** be ********** “********” ** the ******** *** ******* the ***** ***** ** security.

• *: *** **** *** typical ****** ************ ******** team ******* **** *** contact ****? **** *** been *******/*********?
• *:** **** ********* ** discover **** *** *** leading ************* ** **** been ******* **** **** reached *** *********** **** they *** ** ****** ignore *****-******** *** ** not **** *** ********* to ** “*******” ** “skeptical”. **** ********* **** they *** ***** ***** more *** **** ** their ********* ********* ***** products’ ********.

• *:** ***** ************ ****** companies ** **** ** for **** ******* **** VDOO *** **** **** they *** **** **** and ******? *'* *** for ******* ************* *** cameras, *** **** ***** a ****** **** *********, unless **** *** ****** are ***** *******
• *:***** ** * ***** distinction ******* *** ************* disclosure *******, ***** ** will ******** ** **** with ***** ************ ***** on *** ******** **** practice ********** **. * significantly ****** ** ***** business ********** ***** ************* discovery ** **** * fraction ** **** **** is ********* *** *** set ** ******* & services, *** **** * goal ** ************* *** entire ******** ******* ** the ************* ********. ********, when * ************ ************* uses *** ********* ******** SaaS ********, ** * web ******* ******* ****** by *** ************ ******* our **********, *** *********** automatically ********* ** *** analysis ****** *** *** process **** *** ** shared **** **, ***** we **** *** ** able ** ****** ** and ******* **. ** the ************ ******* ** certify *** *******, ** will ******* **** *********** and **** *********, *** certification ******* **** ** shared ********. ** *** two ***** **** **** published, ** ******** **** than ***** **** (**. industry **** *********) *** the ************* ** *** their ***************, ** **** as ********, ************ **** their ********** ****** ******* the *************** *** ******** they ******* ***** ********'* risks.