March 20, 2017 5:30 a.m. ET
Researchers in recent weeks discovered a laundry list of vulnerabilities that leave web cameras and digital video recorders open to hacking, often because the devices continue to run outdated software.
Earlier this month, independent security researcher Pierre Kim named seven bugs afflicting more than 1,200 webcam models, allowing attackers to bypass firewalls, log into the devices with a preprogrammed “backdoor” account or watch a live stream of the cameras without signing in at all.
Mr. Kim advised owners of the affected cameras to immediately disconnect them from the internet, noting that hundreds of thousands of the devices are vulnerable to one bug and millions more could be accessed through another security flaw.
Some of the hacks exploited a modified version of GoAhead, a web server used with many internet-connected devices. Michael O’Brien, chief executive of GoAhead maker EmbedThis Software LLC, said he found some manufacturers shipping products with 13-year-old versions of his software. Without proper security, “you’re hurting the customer and hurting the broader internet,” he said.
Manufacturers are expected to add another 2.5 billion connected devices, from laptops to lightbulbs, to the market this year, according to IHS Markit Research. Many are programmed to download the latest security updates out of the box, but others require their owners to do it manually.
Some camera makers are shoring up their defenses. D-Link Systems Inc., one of the brands listed in Mr. Kim’s research, said it is monitoring third-party reports and recommends that customers register and use its software-update services to keep their cameras secure. Dahua Technology Co. this month released updates to patch new security gaps in its cameras and digital video recorders, after they were revealed by an independent researcher who goes by “Bashis” online.
Still, given the continuing cat-and-mouse game between hackers and security experts and the large number of manufacturers that still ship devices with outdated software, “this is a bad time for camera owners,” Mr. Kim said.
Write to Drew FitzGerald at firstname.lastname@example.org
Tags: backdoor, Bashis, bypass firewalls, cyber, D-Link Systems, Dahua Technology, devices, digital video recorders, EmbedThis Software, GoAhead, hacking, I(nternet, IHS Markit Research, Internet security, log on, outdated software, Pierre Kim, security flaws, sports, vulnerabilities, vulnerable devices, web cameras