Swann's home security camera recordings could be hijacked ( FLIR also )

mat200

mat200

IPCT Contributor
Jan 17, 2017
15,521
26,135
Swann's home security camera recordings could be hijacked
( FLIR also.. )

"..
The intercepted messages included a reference to a unique serial number given to each camera in the factory.

By altering the serial number, the researchers were able to obtain video feeds from other cameras - something they tested by typing in numbers belonging to other cameras that they had bought.

At no point were they required to type in the other accounts' usernames and passwords."
..

"..the researchers discovered that a US-based security consultancy had previously flagged a similar issue with another brand supported by OzVision - Flir FX.

Despite Flir having been told of this a year ago, Mr Munro's team found it was still able to hijack feeds in a similar manner to the way it had done with Swann's kit."

 
  • Like
Reactions: bigredfish and fenderman
Yes, another example of dumb coding, and ineffective code reviews.

Every time I hear of one of these vulnerabilities, and it gets fixed and closed off, I imagine the security services backroom folk sighing a bit and opening their filing cabinet to pick out the next vulnerability from their collection to use instead.
 
  • Like
Reactions: fenderman and mat200
tridentprotective said:
This issue highlights a critical gap in the integrity of certain connected systems, underscoring the importance of robust security services in protecting sensitive data and preventing unauthorized access. The ability to hijack video feeds by simply altering serial numbers is a stark reminder of the vulnerabilities inherent in poorly secured IoT ecosystems.

For security services providers, this emphasizes the need to prioritize thorough security audits, encryption, and multi-factor authentication as non-negotiable standards when deploying or managing surveillance solutions. It also serves as a call to action for manufacturers and third-party developers to collaborate closely with cybersecurity experts to address such flaws proactively rather than reactively.

These incidents not only jeopardize trust in security services but also expose clients to risks that undermine the very purpose of these systems. Vigilance, transparency, and swift action to resolve vulnerabilities must remain at the core of the industry’s mission to safeguard people, assets, and information.
Click to expand...

Got bot?
 
  • Like
Reactions: mat200, tigerwillow1 and bigredfish
tridentprotective said:
This issue highlights a critical gap in the integrity of certain connected systems, underscoring the importance of robust security services in protecting sensitive data and preventing unauthorized access. The ability to hijack video feeds by simply altering serial numbers is a stark reminder of the vulnerabilities inherent in poorly secured IoT ecosystems.

For security services providers, this emphasizes the need to prioritize thorough security audits, encryption, and multi-factor authentication as non-negotiable standards when deploying or managing surveillance solutions. It also serves as a call to action for manufacturers and third-party developers to collaborate closely with cybersecurity experts to address such flaws proactively rather than reactively.

These incidents not only jeopardize trust in security services but also expose clients to risks that undermine the very purpose of these systems. Vigilance, transparency, and swift action to resolve vulnerabilities must remain at the core of the industry’s mission to safeguard people, assets, and information.
Click to expand...

my money is on AI scambot ..
 
I'll bet a bottle of Knob Creek 18yo its a bot.

Nobody talks like that unless you're reading from a powerpoint
 
  • Like
Reactions: mat200
You must log in or register to reply here.
Top Bottom