Newfound Bugs Expose Webcams’ Vulnerabilities

Computer viruses are harnessing webcams, thermostats and other connected devices—while owners remain in the dark

A security camera at a laundromat in Carbondale, Colo. The laundromat’s security system was affected by virus that harnesses the computing power of internet-connected devices to launch attacks.

A security camera at a laundromat in Carbondale, Colo. The laundromat’s security system was affected by virus that harnesses the computing power of internet-connected devices to launch attacks. PHOTO: BLAKE GORDON FOR THE WALL STREET JOURNAL

.

March 20, 2017 5:30 a.m. ET

Researchers in recent weeks discovered a laundry list of vulnerabilities that leave web cameras and digital video recorders open to hacking, often because the devices continue to run outdated software.

Earlier this month, independent security researcher Pierre Kim named seven bugs afflicting more than 1,200 webcam models, allowing attackers to bypass firewalls, log into the devices with a preprogrammed “backdoor” account or watch a live stream of the cameras without signing in at all.

Mr. Kim advised owners of the affected cameras to immediately disconnect them from the internet, noting that hundreds of thousands of the devices are vulnerable to one bug and millions more could be accessed through another security flaw.

Some of the hacks exploited a modified version of GoAhead, a web server used with many internet-connected devices. Michael O’Brien, chief executive of GoAhead maker EmbedThis Software LLC, said he found some manufacturers shipping products with 13-year-old versions of his software. Without proper security, “you’re hurting the customer and hurting the broader internet,” he said.

Manufacturers are expected to add another 2.5 billion connected devices, from laptops to lightbulbs, to the market this year, according to IHS Markit Research. Many are programmed to download the latest security updates out of the box, but others require their owners to do it manually.

Some camera makers are shoring up their defenses. D-Link Systems Inc., one of the brands listed in Mr. Kim’s research, said it is monitoring third-party reports and recommends that customers register and use its software-update services to keep their cameras secure. Dahua Technology Co. this month released updates to patch new security gaps in its cameras and digital video recorders, after they were revealed by an independent researcher who goes by “Bashis” online.

Still, given the continuing cat-and-mouse game between hackers and security experts and the large number of manufacturers that still ship devices with outdated software, “this is a bad time for camera owners,” Mr. Kim said.

Write to Drew FitzGerald at andrew.fitzgerald@wsj.com

https://www.wsj.com/articles/newfound-bugs-expose-webcams-vulnerabilities-1490002205?mod=e2tw

Advertisements

Tags: , , , , , , , , , , , , , , , , , , , , ,

One Response to “Newfound Bugs Expose Webcams’ Vulnerabilities”

  1. daveyone1 Says:

    Reblogged this on World Peace Forum.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: