Vulnerabilities in Foscam IP Cameras Enable Root and Remote Control

A series of recently found vulnerabilities could have let cybercriminals remotely compromise and control Foscam IoT security cameras. Chaining three exploits, hackers would have had the ability to completely take remote control of the IoT devices, by deleting critical files stored on the device, crashing and critical services, and even triggering a shell command injection vulnerability to elevate privileges.

The three vulnerabilities, CVE-2018-6830, CVE-2018-6832, and CVE-2018-6831, were reported by Vdoo security researchers who also compiled a list of 55 vulnerable devices and their affected firmware build. The single perquisite for compromising the affected IoT security cameras is for the attacker to know the camera’s IP address, then simply chain the vulnerabilities together.

While researchers found no indication the vulnerabilities were used in the wild, they did notify Foscam and praised the company’s immediate response and patch deployment. However, because the vendor also delivers the firmware as part of a white-label offering, researchers estimate that the number of potentially affected IP security cameras could be significantly higher.

Making it difficult to estimate the total number of affected devices, both security researchers and the manufacturer advise everyone to check if their camera is running an outdated firmware version and updated it to the latest build.

“To ensure your safety, we have recently reviewed and updated all of our cameras’ firmware to fully protect against any future security threats,” reads the Foscam firmware update notification. “The risks these updates are correcting were negligible in nature, however it is imperative to our commitment to security to be proactive and mitigate all potential vulnerabilities.”

Everyone is strongly encouraged to update their IoT security cameras to their latest firmware build, as well as check for security updates for other household IoT devices.