Privacy Tip #150 – Home Security Camera Vulnerability

Robinson+Cole Data Privacy + Security Insider

The BBC recently posted a story about one of its employees who was able to view footage from someone else’s home security camera through a mobile app. The security camera was manufactured by Swann.

Following the story, a group of security researchers from Pen Test Partners bought several cameras and started testing them. They were able to switch video feeds from one camera to another through the cloud service that was being used, which, they commented, was “proving arbitrary access to anyone’s camera.”

The researchers praised Swann for its response to their research and said Swann “took quick action to mitigate the attacks….Yes, there was a bug, but they dealt with it fast.”

The researchers stated that the cameras are battery powered and can stream video live or via a cloud service. The researchers found that the cloud service for the Swann cameras is OzVision. The serial number of the camera model is used as the primary identifier of the camera for the mobile app and is easily searchable in the mobile app. When the researchers logged into the system, they were able to switch the video feeds to each other’s cameras by putting the serial number into the platform. They admitted this was pretty easy, and they then determined that, because the serial numbers are not sophisticated, it would be relatively easy for a hacker or bad actor to determine serial numbers and gain access to people’s security cameras.

On top of that, the researchers indicated that the cloud vendor, OzVision, which reportedly has over three million smart cameras on its cloud platform, has a vulnerability in its tunnel protocol: it does not properly verify that an app user is authorized to view certain material. According to the researchers, although Swann has fixed its vulnerability, other cameras that use OzVision, including the FlirFX smart camera.
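The flaw described in the two paragraphs above (the serial number as the only key, and no check that the app user is authorized for that camera) is sketched below next to the corrected server-side check. This is an added example, not Swann's or OzVision's code; the account names, serial format, session tokens and function names are all constructed for illustration.

```python
# Added illustration; every name here is hypothetical, not a vendor API.

# Constructed sample data: which account registered which camera serial.
CAMERA_OWNERS = {"SWN-000123": "alice", "SWN-000124": "bob"}
# Constructed session store: opaque token -> authenticated account.
SESSIONS = {"tok-alice": "alice", "tok-bob": "bob"}


class Forbidden(Exception):
    """Raised when the caller is not entitled to the requested feed."""


def authenticate(token):
    """Return the account bound to a session token, or raise Forbidden."""
    account = SESSIONS.get(token)
    if account is None:
        raise Forbidden("unknown session")
    return account


def open_feed_vulnerable(token, serial):
    """Flawed pattern: the caller is logged in, but the serial is trusted."""
    authenticate(token)
    if serial not in CAMERA_OWNERS:
        raise Forbidden("no such camera")
    return f"stream:{serial}"  # any logged-in user gets any camera


def open_feed_hardened(token, serial, audit_log):
    """Authorize every request: the serial must belong to the caller."""
    account = authenticate(token)
    if CAMERA_OWNERS.get(serial) != account:
        # Same error for 'unknown' and 'not yours', so serials cannot be probed.
        audit_log.append((account, serial, "denied"))
        raise Forbidden("camera not available")
    audit_log.append((account, serial, "granted"))
    return f"stream:{serial}"


def enumeration_suspects(audit_log, threshold=3):
    """Accounts denied on at least `threshold` distinct serials."""
    denied = {}
    for account, serial, outcome in audit_log:
        if outcome == "denied":
            denied.setdefault(account, set()).add(serial)
    return sorted(a for a, s in denied.items() if len(s) >= threshold)
```

The denial log gives operators a detection signal: one account refused across many distinct serials suggests serial guessing and warrants a lockout or alert.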

The researchers recommend that if you have a Swann or other home security camera, “[U]pdate your mobile app and firmware…to the latest version. You’ll be a whole lot more secure then.”


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.
