Researchers find flaw in internet security camera that lets hackers snoop on users’ video feeds and even hijack the device to scan a network for other holes
- Researchers discovered cameras made by Cacagoo had multiple vulnerabilities
- One flaw allows hackers to tap into audio and video feeds
- Another allowed hackers to scan networks for other vulnerable devices
- The cameras were also seen sending data to a Chinese server
A brand of home surveillance camera has been spotted with serious flaws that give hackers a backdoor into video feeds and potentially even other devices on one’s home network.
According to security researchers at Avira, an internet protocol (IP) camera made by the company Cacagoo not only contains a flaw that makes it possible for hackers to peer into one’s video feed, but also potentially exposes other devices hooked up their network.
IP cameras made by the company Cacagoo like the one pictured were discovered sporting some serious flaws that allows hackers to monitor video and audio and even scan home networks for more flaws
Researchers say they were able to exploit the cameras use of telnet – a fairly outdated application protocol used to transmit data using only plaintext – by leveraging what’s known as a brute force attack.
Brute force submits many password attempts to a system with the eventual goal of guessing the right passphrase.
‘During our assessment of different IoT devices, we got our hands on Cacagoo IP camera, and found vulnerabilities that can not only enable attackers to intercept and view recorded videos, but also to manipulate the device itself as well as other devices within the same network,’ wrote researchers in their report.
Additionally, researchers found that the cameras, which takes digital video and sends its image data through the internet, did not encrypt audio and video sent through the network.
If the company encrypted the data, a hacker with access to the stream of audio and video would have a much harder time actually looking at the stream.
Adding to the concern, researchers say they also spotted suspicious activity with the camera transmitting data to an unknown Chinese server.
Cameras were also discovered inexplicably sending data to a strange Chinese server according to researchers
‘During our network behavioral analysis of both devices, we observed suspicious behaviour while analysing the YCC365 plus application traffic, which really caught our attention,’ they wrote.
The leak of that information is not only suspicious but can be considered a security flaw in an of itself, they write.
Internet-connected security cams have come under increasing scrutiny over the past year as flaws in popular cameras made by Ring, an Amazon-owned company, have become apparent.
A string of highly publicized hacks in which intruders we able to take over Ring cameras were reported late last year.