Slashdot Mirror

← Back to Stories (view on slashdot.org)

Nearly 200,000 Wi-Fi Cameras Are Open To Hacking (bleepingcomputer.com)

Posted by BeauHD on from the have-a-field-day dept.

An anonymous reader quotes a report from BleepingComputer: What started as an analysis of a simple security flaw in a random wireless IP camera turned into seven vulnerabilities that affect over 1,250 camera models and expose nearly 200,000 cameras to hacking. The flaws affect a generically named product called Wireless IP Camera (P2P) WIFICAM, manufactured by a (currently unnamed) Chinese company, who sells it as a white-label product to several other camera vendors. Security researcher Pierre Kim says the firmware produced by this Chinese vendor comes with several flaws, which have all made their way down the line into the products of other companies that bought the white-label (unbranded) camera. In total, nearly 1,250 camera models based on the original camera are affected. At the heart of many of these issues is the GoAhead web server, which allows camera owners to manage their device via a web-based dashboard. According to Kim, the cameras are affected by a total of seven security flaws. Yesterday, Kim said that around 185,000 vulnerable cameras could be easily identified via Shodan. Today, the same query yields 198,500 vulnerable cameras. Proof-of-concept exploit code for each of the seven flaws is available on Kim's blog, along with a list of all the 1,250+ vulnerable camera models.

1 of 46 comments (clear)

  1. First link is clickbait. Read the last one by Anonymous Coward · · Score: 2, Informative

    The first link, as it is the norm with the so-called Slashdot nowadays, is clickbait blogspam. The real story is linked last.

    Read it. It's super lulz-worthy. Basically this is as bad as you can get.

    This is not just default-password mindless hack. The funny thing is this

    But it appears access to .ini [system config blob] files are not correctly checked. The attacker can bypass the authentication by providing an empty loginuse and an empty loginpas in the URI... This vulnerability allows an attacker to steal credentials, ftp accounts and smtp accounts (email).

    So no matter whatever password there is, you can simply read it off the server without auth. After reading the credentials in plaintext, you can exploit another hole in the FTP config (why the fuck they put FTP there) program and execute arbitrary code as root.

    Those people are doofus.