1 min read

Vulnerabilities in Foscam IP Cameras Enable Root and Remote Control

Liviu ARSENE

June 08, 2018

Promo Protect all your devices, without slowing them down.
Free 30-day trial
Vulnerabilities in Foscam IP Cameras Enable Root and Remote Control

A series of recently found vulnerabilities could have let cybercriminals remotely compromise and control Foscam IoT security cameras. Chaining three exploits, hackers would have had the ability to completely take remote control of the IoT devices, by deleting critical files stored on the device, crashing and critical services, and even triggering a shell command injection vulnerability to elevate privileges.

The three vulnerabilities, CVE-2018-6830, CVE-2018-6832, and CVE-2018-6831, were reported by Vdoo security researchers who also compiled a list of 55 vulnerable devices and their affected firmware build. The single perquisite for compromising the affected IoT security cameras is for the attacker to know the camera’s IP address, then simply chain the vulnerabilities together.

While researchers found no indication the vulnerabilities were used in the wild, they did notify Foscam and praised the company’s immediate response and patch deployment. However, because the vendor also delivers the firmware as part of a white-label offering, researchers estimate that the number of potentially affected IP security cameras could be significantly higher.

Making it difficult to estimate the total number of affected devices, both security researchers and the manufacturer advise everyone to check if their camera is running an outdated firmware version and updated it to the latest build.

“To ensure your safety, we have recently reviewed and updated all of our cameras’ firmware to fully protect against any future security threats,” reads the Foscam firmware update notification. “The risks these updates are correcting were negligible in nature, however it is imperative to our commitment to security to be proactive and mitigate all potential vulnerabilities.”

Everyone is strongly encouraged to update their IoT security cameras to their latest firmware build, as well as check for security updates for other household IoT devices.

tags


Author


Liviu ARSENE

Liviu Arsene is the proud owner of the secret to the fountain of never-ending energy. That's what's been helping him work his everything off as a passionate tech news editor for the past few years.

View all posts

You might also like

Bookmarks


loader